Vulnerability Disclosure Policy from Dioterms
Exploring leveraging dioterms and policymaker for creating vulnerability disclore policies for a website.
- DNS is related for the deployment of the website (
- Entry within the
/.well-known/root of the domain (
- Security entry for the domain (
- If the application is located within
index.html), then the top level domain elements can be “procedural”
- Construct the webpage into a bundle (
website.wbn), publish it to the “deployer”, which can then handle the top level elements
- References can still exist within the app (
/.well-known/...), known to the website manifest
- Website manifest allow it to enforce expectations about required top-level components
- Distributable/Sharable webpages can combine/merge these components (e.g.
website.wbn, website.manifest, website.policy) with organization (or overwrite)