Proposal for SSWG incubation process change: add section about security requirements

this proposal proposes to amend the SSWG incubation process. the SSWG seeks the community's feedback about this change.

  • author: @tomerd
  • feedback period: 2019-08-15 ..< 2019-08-29

motivation: add more explicit requirements around notifying the workgroup of security vulnerabilities so that this information can be shared with the user community

changes:

  • add a "Security Best Practices" section with explicit instructions around notifying the workgroup of vulnerabilities
  • move vulnerabilities fixing requirements from "Graduation Requirements" to "Security Best Practices"

Huge +1 from me.

+1 With the SSWG providing a set of standards and a bigger and bigger part of the ecosystem depending on them, I think it's important to have a clear way to bring up security vulnerabilities.

+1-ed on the PR but might as well here :slight_smile: Very important to set and follow the right standards about security for projects under the umbrella :+1:

this is now merged
