The project should include a SECURITY.md file to point people towards the right place to submit potential security vulnerabilities responsibly.
This can be done at https://hackerone.com/wordpress?type=team, the HackerOne account for the entire WordPress project.
We already have a piece of documentation here: https://make.wordpress.org/cli/handbook/contributions/contributing/#reporting-security-issues
However, a separate SECURITY.md file would be much more visible and obvious.
The project should include a
SECURITY.mdfile to point people towards the right place to submit potential security vulnerabilities responsibly.This can be done at https://hackerone.com/wordpress?type=team, the HackerOne account for the entire WordPress project.
We already have a piece of documentation here: https://make.wordpress.org/cli/handbook/contributions/contributing/#reporting-security-issues
However, a separate
SECURITY.mdfile would be much more visible and obvious.