doc: add security escalation policy

PR-URL: https://github.com/nodejs/node/pull/59806
Refs: https://github.com/openjs-foundation/cross-project-council/pull/1588
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Richard Lau <richard.lau@ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Ulises Gascón 2025-09-15 08:54:35 +02:00 committed by GitHub
parent 58f408f528
commit 15c276d59c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -15,6 +15,13 @@ you informed of the progress being made towards a fix and full announcement,
and may ask for additional information or guidance surrounding the reported and may ask for additional information or guidance surrounding the reported
issue. issue.
If you do not receive an acknowledgement of your report within 6 business
days, or if you cannot find a private security contact for the project, you
may escalate to the OpenJS Foundation CNA at `security@lists.openjsf.org`.
If the project acknowledges your report but does not provide any further
response or engagement within 14 days, escalation is also appropriate.
### Node.js bug bounty program ### Node.js bug bounty program
The Node.js project engages in an official bug bounty program for security The Node.js project engages in an official bug bounty program for security
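Review bot: the two deadlines in the added paragraphs use different units, "6 business days" for the acknowledgement and "14 days" for further engagement, so a reporter cannot tell whether the second window is counted in calendar or business days; state the unit explicitly in both places. The second added paragraph also says only that "escalation is also appropriate" without naming where to escalate, so it depends on the paragraph before it; consider merging the two conditions into one paragraph or repeating `security@lists.openjsf.org` there.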