Marta Rybczynska's blog

    SECURITY.md: should I have it?

    Monday, July 31, 2023 - 10:33 by Marta Rybczynska
    You might have noticed a SECURITY.md file in git repositories of multiple projects. Should you have it? The answer is yes. Who uses SECURITY.md? When a security researcher has a potential vulnerability to communicate to a project, SECURITY.md is one of the first places (if not the first one)...

    How to Report a Security Issue in an Eclipse Foundation Project?

    Friday, June 30, 2023 - 01:17 by Marta Rybczynska
    Have you found something that looks like a security issue in an Eclipse Foundation project? Here is a description of how to report it. Method 1: Project-specific Instructions. First, check whether the project concerned has a SECURITY.md file in its main repository. If it does, follow the instructions from that file. Method...

    Eclipse Foundation Default Security Tracker Moves!

    Thursday, June 29, 2023 - 16:16 by Marta Rybczynska
    Eclipse Foundation projects share a default way to report security issues. Security researchers and all concerned users can create private issues to describe potential security issues so that projects can learn about them, study and fix them. For years, security issues have been reported using Bugzilla. Recently, related to the...