Change to write GitHub security advisories - attention repo maintainers

Joseph Reynolds jrey at
Thu Jul 28 08:21:10 AEST 2022

OpenBMC community and technical oversight committee,

The security response team has been working to improve the process we 
use to respond to security vulnerabilities.  In short, we propose using 
GitHub security advisories, one per repository.  This better aligns with 
industry standards, and it means owners and maintainers will have a 
greater role.

I pushed a gerrit review to preview the details.  Please take a look.  
We are still working out the details and will continue to discuss before 
implementing this change.

- Joseph

More information about the openbmc mailing list