Build in public really. Just talk about what we are building, get feedback, bug reports etc. from users. When major security issues happen related to our domain e.g. xz or tj-actions/changed-files, we either write about how our tool can mitigate the risk or research on how to enhance our tool to handle the risk and then talk about it publicly.
Build in public really. Just talk about what we are building, get feedback, bug reports etc. from users. When major security issues happen related to our domain e.g. xz or tj-actions/changed-files, we either write about how our tool can mitigate the risk or research on how to enhance our tool to handle the risk and then talk about it publicly.