Page MenuHomeMiraheze

Create CVE policy for extensions managed by Miraheze
Open, HighPublic


After the CVE created last night and the disagreements that occurred it's necessary to have a clear written policy that makes it clear when a CVE should be created, what it should contain and and how drafts should be reviewed prior to publication.

Event Timeline

Reception123 created this task.

@Owen Would you be able to provide some comments and suggestions for what you think needs to be considered before opening a security advisory and requesting a CVE from GitHub?