Use CVD Tools to Manage Vulnerability Reports

Description

Ensure the project utilizes a CVD tool to privately receive and manage external vulnerability reports (e.g., HackerOne, GitHub PVR)

Dashboard Inclusion

We use the column has_useCVDToolForVulns_policy from the table projects to calculate the status, this column is populated using the bulk importer. More information

Details

Default Category: coordinated vulnerability disclosure
Default Priority Group: P7
Implementation Details: It is manual (details).
C-SCRM: false
Sources: OpenSSF Best Practices Badge Passing Level (vulnerability_report_private)
How To: Github Docs

Description​

Dashboard Inclusion​

Details​

Description

Dashboard Inclusion

Details