SECURITY: mention OpenSSF best practices gold badge

author Viktor Petersson <self@vpetersson.com>

Tue, 30 Jul 2024 17:24:13 +0000 (18:24 +0100)

committer Daniel Stenberg <daniel@haxx.se>

Sat, 17 Aug 2024 09:01:16 +0000 (11:01 +0200)
author Viktor Petersson <self@vpetersson.com>
Tue, 30 Jul 2024 17:24:13 +0000 (18:24 +0100)
committer Daniel Stenberg <daniel@haxx.se>
Sat, 17 Aug 2024 09:01:16 +0000 (11:01 +0200)
diff --git a/SECURITY.md b/SECURITY.md

index dbce1b52acb269a74532c71fd06a5a47fc94047b..fca756dabfa9a9ef3a2dc77609fdee3676d76067 100644 (file)
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -14,3 +14,14 @@ If you have found or just suspect a security problem somewhere in curl or
  libcurl, report it on [HackerOne](https://hackerone.com/curl).
  
  We treat security issues with confidentiality until controlled and disclosed responsibly.
+
+## OpenSSF Scorecard
+
+curl has earned Gold status on the OpenSSF Best Practices, reflecting its adherence to
+rigorous security and best practice standards. This achievement highlights curl's
+comprehensive documentation, secure development processes, effective change control
+mechanisms, and strong maintenance routines. Meeting these criteria demonstrates curl's
+commitment to security and reliability, ensuring the project's sustainability and
+trustworthiness. This recognition by OpenSSF underscores curl's role as a leader in
+open-source software practices. More information can be found on
+their [OpenSSF page](https://www.bestpractices.dev/projects/63).
author	Viktor Petersson <self@vpetersson.com>
	Tue, 30 Jul 2024 17:24:13 +0000 (18:24 +0100)
committer	Daniel Stenberg <daniel@haxx.se>
	Sat, 17 Aug 2024 09:01:16 +0000 (11:01 +0200)