Hello commons-dev! I found the very lovely https://commons.apache.org/security.html page and I very much appreciate the links out to individual project's security pages. However, it looks like a little under half (9/21) have security pages linked.
Does this mean that the other 12 projects have never had a security vulnerability reported? Reported but rejected? Reported and triaged in other ways - e.g. patched but not assigned a CVE? Any insight into the practices of the community is appreciated! Thanks, Mike --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
