After the CVE created last night and the disagreements that occurred it's necessary to have a clear written policy that makes it clear when a CVE should be created, what it should contain and and how drafts should be reviewed prior to publication.
Description
Description
Event Timeline
Comment Actions
@Owen Would you be able to provide some comments and suggestions for what you think needs to be considered before opening a security advisory and requesting a CVE from GitHub?