Tootfinder

An Empirical Study of Security-Policy Related Issues in Open Source Projects
Rintaro Kanaji, Brittany Reid, Yutaro Kashiwa, Raula Gaikovina Kula, Hajimu Iida
https://arxiv.org/abs/2510.05604

An Empirical Study of Security-Policy Related Issues in Open Source Projects
GitHub recommends that projects adopt a SECURITY.md file that outlines vulnerability reporting procedures. However, the effectiveness and operational challenges of such files are not yet fully understood. This study aims to clarify the challenges that SECURITY.md files face in the vulnerability reporting process within open-source communities. Specifically, we classified and analyzed the content of 711 randomly sampled issues related to SECURITY.md. We also conducted a quantitative comparative …