On Tue, 24 Sep 2024 19:20:11 GMT, George Adams <gd...@openjdk.org> wrote:

>> Currently the [security tab](https://github.com/openjdk/jdk/security) on the 
>> GitHub repos is empty with no clear information or links on where to report 
>> security vulnerabilities.
>> 
>> I've added a simple SECURITY.md file which includes the link to the official 
>> policy on the website.
>
> George Adams has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   switch to link to website

Changes requested by mr (Lead).

SECURITY.md line 3:

> 1: # OpenJDK Vulnerabilities
> 2: 
> 3: Please follow the process outlined in the [OpenJDK Vulnerability 
> Policy](https://openjdk.org/groups/vulnerability/report) to disclose 
> vulnerabilities in the OpenJDK codebase.

s/OpenJDK/JDK/ in the title and immediately preceding “codebase”, please. 
“OpenJDK” is the name of a community; “JDK” is the name of a body of code.

Having done that, you could simplify “in the JDK codebase” simply to “in the 
JDK”.

-------------

PR Review: https://git.openjdk.org/jdk/pull/21155#pullrequestreview-2326594491
PR Review Comment: https://git.openjdk.org/jdk/pull/21155#discussion_r1774163597
