From: Viktor Petersson <self@vpetersson.com>
Date: Tue, 30 Jul 2024 17:24:13 +0000 (+0100)
Subject: SECURITY: mention OpenSSF best practices gold badge
X-Git-Tag: curl-8_10_0~221
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6fc66e1676195ec598f8bb96d887a369fc28a0b9;p=thirdparty%2Fcurl.git

SECURITY: mention OpenSSF best practices gold badge

Closes #14319
---

diff --git a/SECURITY.md b/SECURITY.md
index dbce1b52ac..fca756dabf 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -14,3 +14,14 @@ If you have found or just suspect a security problem somewhere in curl or
 libcurl, report it on [HackerOne](https://hackerone.com/curl).
 
 We treat security issues with confidentiality until controlled and disclosed responsibly.
+
+## OpenSSF Scorecard
+
+curl has earned Gold status on the OpenSSF Best Practices, reflecting its adherence to
+rigorous security and best practice standards. This achievement highlights curl's
+comprehensive documentation, secure development processes, effective change control
+mechanisms, and strong maintenance routines. Meeting these criteria demonstrates curl's
+commitment to security and reliability, ensuring the project's sustainability and
+trustworthiness. This recognition by OpenSSF underscores curl's role as a leader in
+open-source software practices. More information can be found on
+their [OpenSSF page](https://www.bestpractices.dev/projects/63).