diff options
author | Rich Trott <rtrott@gmail.com> | 2018-10-10 06:33:13 -0700 |
---|---|---|
committer | Rich Trott <rtrott@gmail.com> | 2018-10-12 07:57:54 -0700 |
commit | bcbb9370ddaa223110fcd8584e41336b791e7e7f (patch) | |
tree | 8da12d8a7cf83bf4c8281def6fb15c6bb18dee48 /README.md | |
parent | 714c1b88d2d05d1c868ffdde1a827cd74d092e07 (diff) | |
download | android-node-v8-bcbb9370ddaa223110fcd8584e41336b791e7e7f.tar.gz android-node-v8-bcbb9370ddaa223110fcd8584e41336b791e7e7f.tar.bz2 android-node-v8-bcbb9370ddaa223110fcd8584e41336b791e7e7f.zip |
doc: revise security-reporting text in README
Simplify and clarify the security-reporting text in the README. Now is
also probably a good time to ping the security triage folks to make sure
the text is still accurate.
PR-URL: https://github.com/nodejs/node/pull/23407
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Yuta Hiroto <hello@hiroppy.me>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 11 |
1 files changed, 5 insertions, 6 deletions
@@ -159,13 +159,12 @@ source and a list of supported platforms. ## Security -Security flaws in Node.js should be reported by emailing security@nodejs.org. -Please do not disclose security bugs publicly until they have been handled by -the security team. +If you find a security vulnerability in Node.js, please report it to +security@nodejs.org. Please withhold public disclosure until after the security +team has addressed the vulnerability. -Your email will be acknowledged within 24 hours, and you will receive a more -detailed response to your email within 48 hours indicating the next steps in -handling your report. +The security team will acknowledge your email within 24 hours. You will receive +a more detailed response within 48 hours. There are no hard and fast rules to determine if a bug is worth reporting as a security issue. The general rule is an issue worth reporting should allow an |