doc: add security escalation policy

PR-URL: https://github.com/nodejs/node/pull/59806
Refs: https://github.com/openjs-foundation/cross-project-council/pull/1588
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Richard Lau <richard.lau@ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Ulises Gascón 2025-09-15 08:54:35 +02:00 committed by GitHub
parent 58f408f528
commit 15c276d59c
GPG Key ID: B5690EEEBB952194

@ -15,6 +15,13 @@ you informed of the progress being made towards a fix and full announcement,
and may ask for additional information or guidance surrounding the reported
issue.
If you do not receive an acknowledgement of your report within 6 business
days, or if you cannot find a private security contact for the project, you
may escalate to the OpenJS Foundation CNA at `security@lists.openjsf.org`.
If the project acknowledges your report but does not provide any further
response or engagement within 14 days, escalation is also appropriate.
### Node.js bug bounty program
The Node.js project engages in an official bug bounty program for security
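Review bot: The two escalation windows in the added paragraphs use different units: the acknowledgement window is "6 business days" while the follow-up window is a bare "14 days", so a reporter cannot tell whether the second is counted in calendar or business days. Suggest stating the unit explicitly in the second paragraph so both thresholds read the same way. The clause "if you cannot find a private security contact for the project" is also worth a second look: the context lines just above already describe how a report to this project is handled, so it would help to say when that condition applies here or drop it. Finally, the text names `security@lists.openjsf.org` but does not say what an escalation should contain; a short hint (date of the original report and where it was sent) would let the CNA act without a round trip.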