Documents & Guides

Documents relevant to the CPAN Security Group.

Instructions

• Report an Incident
• CNA Disclosure Policy

Guides

• CPAN Author’s Guide to Secure Software Development ⚠️ DRAFT
• CPAN Author’s Guide to Random Data for Security
• CPAN Author’s Security Policy guide

See guides/ for the full list of guides.

Studies

• CPAN Dependency Confusion (study)
• CPAN StarJacking (study)
• Supply-chain SBOM roles and metadata overview ⚠️ DRAFT

Consultations and hearings

See the consultations/ folder for replies to public consultations and hearings where CPANSec has contributed.

Rules and bylaws

• Charter ⚠️ DRAFT
• CPANSec member Pre-release Disclosure Agreement
• Standards of Conduct (TBD)

Other background info

• Reading list for relevant tech & legislation ⚠️ DRAFT
• Glossary of terms ⚠️ DRAFT