We should add a SECURITY.md #646

issue real-or-random opened this issue on July 3, 2019
  1. real-or-random commented at 2:50 PM on July 3, 2019: contributor

    It's now good practice to have a SECURITY.md file that explains a well-defined process for reporting vulnerabilities. Core has this too: https://github.com/bitcoin/bitcoin/blob/master/SECURITY.md

    This is also a good chance to think about the process, i.e., who should actually be informed about vulnerabilities in this library. This is not completely obvious since this library somehow belongs to Bitcoin Core (I mean the software, not the "organization"/group of people) but on the other hand is maintained separately.

  2. real-or-random renamed this:
    No SECURITY.md
    We should add a SECURITY.md
    on Jul 3, 2019
  3. elichai commented at 4:15 PM on July 3, 2019: contributor

    Maybe this question should go on to the mailing list / bitcoin/bitcoin issues too? so that the rest of the bitcoin community/maintainers could express their opinions. I think it's a very good question.

  4. jonasnick closed this on Nov 26, 2019
  5. achow101 referenced this in commit 387d723c3f on Oct 31, 2024
Contributors
real-or-randomelichai
Linked (view graph)
#679 Add SECURITY.md
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-19 06:52 UTC