Details
Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Description
We should add https://github.com/apache/.github/blob/main/.github/SECURITY.md to all our repositories (but linking to [1]), as per https://twitter.com/iamamoose/status/1417104695626240001:
All Apache projects follow the default ASF security policy; but not all have a github SECURITY.md file, and they get penalised, i.e. with lower #openssf scorecard scores (http://metrics.openssf.org)
Tentatively assigning to myself but if someone beats me to it I'd be happy!
[1] https://sling.apache.org/project-information/security.html