This seems like a pretty useful service for getting early signals around disclosures and such. Given how many projects in the supply chain they are tracking are from the ASF I wonder if we need to be on a receiving end of it either via [email protected] or some other way? https://openssf.org/blog/2024/05/20/enhancing-open-source-security-introducing-siren-by-openssf/
Thoughts? Thanks, Roman. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
