Skip to content

Commit

Permalink
doc: revise security-reporting text in README
Browse files Browse the repository at this point in the history
Simplify and clarify the security-reporting text in the README. Now is
also probably a good time to ping the security triage folks to make sure
the text is still accurate.

PR-URL: #23407
Reviewed-By: Sakthipriyan Vairamani <[email protected]>
Reviewed-By: Yuta Hiroto <[email protected]>
Reviewed-By: Myles Borins <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
Reviewed-By: James M Snell <[email protected]>
  • Loading branch information
Trott authored and MylesBorins committed Nov 29, 2018
1 parent a663d56 commit d5b1368
Showing 1 changed file with 5 additions and 6 deletions.
11 changes: 5 additions & 6 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -159,13 +159,12 @@ source and a list of supported platforms.

## Security

Security flaws in Node.js should be reported by emailing [email protected].
Please do not disclose security bugs publicly until they have been handled by
the security team.
If you find a security vulnerability in Node.js, please report it to
[email protected]. Please withhold public disclosure until after the security
team has addressed the vulnerability.

Your email will be acknowledged within 24 hours, and you will receive a more
detailed response to your email within 48 hours indicating the next steps in
handling your report.
The security team will acknowledge your email within 24 hours. You will receive
a more detailed response within 48 hours.

There are no hard and fast rules to determine if a bug is worth reporting as
a security issue. The general rule is an issue worth reporting should allow an
Expand Down

0 comments on commit d5b1368

Please sign in to comment.