specs icon indicating copy to clipboard operation
specs copied to clipboard
verified publisher icon scientific-python

Add spec about security policy

Open juanis2112 opened this issue 8 months ago • 0 comments

This PR introduces a new SPEC focused on Security Policy.

The SPEC outlines how projects can create and maintain a clear and accessible SECURITY.md file to guide users on how to report vulnerabilities responsibly and enable maintainers to respond effectively.

There have been ongoing conversations in the community, particularly at the Developer Summit 2024 and Developer Summit 2025 about improving how we handle vulnerability disclosure. A key part of that is making sure users know how to report issues properly and that starts with a clear security policy.

Due to the complexity of the broader disclosure process, we decided to split the work into two separate SPECs:

  1. Security Policy (this PR)

  2. Vulnerability Disclosure Process (coming soon in a PR by @mihaimaruseac )

A lot of the projects in the ecosystem already have a security policy but this SPEC will hopefully encourage more of them to adopt it.

Link to issue Discourse post

juanis2112 avatar May 14 '25 00:05 juanis2112