This seems like a pretty useful service for getting early signals around disclosures and such. Given how many projects in the supply chain they are tracking are from the ASF I wonder if we need to be on a receiving end of it either via security@a.o or some other way? https://openssf.org/blog/2024/05/20/enhancing-open-source-security-introducing-siren-by-openssf/
Thoughts? Thanks, Roman. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org