Security Standard
Security policy expectations, disclosure routes, dependency posture, vulnerability handling, and project-facing security signals.
The Security Standard defines clear project-facing practices for handling security expectations without requiring small projects to operate like large vendors.
Scope
- Security policy placement
- Vulnerability disclosure routes
- Dependency and supply-chain notes
- Security review signals
- Maintainer response expectations
Baseline artifacts
A project should provide a security policy, a reporting path, supported version information, and basic dependency hygiene guidance.