Giving credit for Security Advisories
Saying thanks is now a core part of the Security Advisory workflow.
Since launching Security Advisories, we’ve asked many maintainers for their feedback to help us understand how advisories are being used in their projects. One of the most important pieces of feedback we heard was the desire to simply say “thanks!” to the people that contributed to the advisory. Some maintainers are already doing this today—20% of Security Advisory descriptions mention someone. Those advisories thank people for many reasons, from finding the vulnerability and creating the fix, to moral support and more.
Showing appreciation
We want to make these credits more visible so that anyone visiting an advisory can see who contributed. To do that, we’ve made “saying thanks” a core part of the Security Advisory workflow with advisory credits.
Giving credit is simple—when editing a Security Advisory, use the Credits area at the bottom to search for the GitHub user you wish to credit, and press Enter.
The people you credit can accept or decline your credit. If accepted, GitHub shows the credit on the Security Advisory, both in the repository and in the GitHub Advisory Database.
If you’ve published a Security Advisory that mentioned a user, we’ve also gone back and processed those mentions into pending credits.
Thank you
Only the community, working together, can secure the open source software that we all rely on. With advisory credits, we want to celebrate the great collaborations that happen in the community every day.
Learn more about GitHub Security Advisories
Written by
Related posts
The second half of software supply chain security on GitHub
Learn about a community-developed framework for how to think about this problem holistically and how to use GitHub, particularly, to improve the security in the second half of your software supply chain.
Cybersecurity spotlight on bug bounty researcher @imrerad
For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@imrerad!
Kicking off Cybersecurity Awareness Month: Researcher spotlights and additional incentives!
For this year’s Cybersecurity Awareness Month, GitHub’s Bug Bounty team is excited to offer some additional incentives to security researchers!