This seems like a pretty useful service for getting early
signals around disclosures and such. Given how many
projects in the supply chain they are tracking are from
the ASF I wonder if we need to be on a receiving end
of it either via security@a.o or some other way?
https://openssf.org/blog/2024/05/20/enhancing-open-source-security-introducing-siren-by-openssf/
Thoughts?
Thanks,
Roman.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org
