Remove ich#8182
Conversation
Suggested rewording of the whole doc:

Security Policy

Supported Versions

We provide build scripts for many (thousands of) open source projects, often covering multiple versions per project. Failures related to the upstream projects or their source code should be assessed and reported directly to the corresponding open source community. We do not have the bandwidth to triage, track, or maintain context for issues that originate outside of our build scripts.

An Open Source Edge (OSE) portal is available at https://open-source-edge.developerfirst.ibm.com/. Please review the portal to identify version-specific SBOMs, licenses, and CVEs for a limited set of packages that are onboarded to the Manage Currency set.

If you identify a security issue introduced by our build process, please file an issue directly in this GitHub repository. If the vulnerability is publicly disclosed, ensure that the issue is reported against the specific build script directory where the issue exists.

Reporting a Vulnerability

If a vulnerability is reported via a GitHub issue, we will make a best-effort attempt to triage and assign it as quickly as possible. Given our agile development model, such issues are typically reviewed at the start of a two-week sprint. You should expect an initial response within approximately four weeks.