You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
43 lines
1.7 KiB
43 lines
1.7 KiB
# Security Policies and Procedures |
|
|
|
This document outlines security procedures and general policies for the Connect |
|
project. |
|
|
|
* [Reporting a Bug](#reporting-a-bug) |
|
* [Disclosure Policy](#disclosure-policy) |
|
* [Comments on this Policy](#comments-on-this-policy) |
|
|
|
## Reporting a Bug |
|
|
|
The Connect team and community take all security bugs in Connect seriously. |
|
Thank you for improving the security of Connect. We appreciate your efforts and |
|
responsible disclosure and will make every effort to acknowledge your |
|
contributions. |
|
|
|
Report security bugs by emailing the lead maintainer in the README.md file. |
|
|
|
The lead maintainer will acknowledge your email within 48 hours, and will send a |
|
more detailed response within 48 hours indicating the next steps in handling |
|
your report. After the initial reply to your report, the security team will |
|
endeavor to keep you informed of the progress towards a fix and full |
|
announcement, and may ask for additional information or guidance. |
|
|
|
Report security bugs in third-party modules to the person or team maintaining |
|
the module. You can also report a vulnerability through the |
|
[Node Security Project](https://nodesecurity.io/report). |
|
|
|
## Disclosure Policy |
|
|
|
When the security team receives a security bug report, they will assign it to a |
|
primary handler. This person will coordinate the fix and release process, |
|
involving the following steps: |
|
|
|
* Confirm the problem and determine the affected versions. |
|
* Audit code to find any potential similar problems. |
|
* Prepare fixes for all releases still under maintenance. These fixes will be |
|
released as fast as possible to npm. |
|
|
|
## Comments on this Policy |
|
|
|
If you have suggestions on how this process could be improved please submit a |
|
pull request.
|
|
|