author | Rich Trott <rtrott@gmail.com> | 2018-10-15 22:25:28 -0700 |
---|---|---|
committer | Rich Trott <rtrott@gmail.com> | 2018-10-17 22:46:28 -0700 |
commit | d22ec11e4d5591fa9cf1dd8cf5feb499aadd1a94 (patch) | |
tree | 33322b2b07a621263c91d202215ab48d21c189fb /README.md | |
parent | 72a48a2a0abb655e7387d09c3dc7550793ce4a6a (diff) | |
download | android-node-v8-d22ec11e4d5591fa9cf1dd8cf5feb499aadd1a94.tar.gz android-node-v8-d22ec11e4d5591fa9cf1dd8cf5feb499aadd1a94.tar.bz2 android-node-v8-d22ec11e4d5591fa9cf1dd8cf5feb499aadd1a94.zip |

doc: simplify security reporting text

Edit security-reporting text in the README to keep it concise and
straightforward. The removed text may discourage reporting. Nothing like
it appears in similar security-reporting text that I have reviewed.

See, for example, the Linux kernel docs on security reporting:
https://www.kernel.org/doc/html/v4.11/admin-guide/security-bugs.html

PR-URL: https://github.com/nodejs/node/pull/23686
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>

Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 13 |
1 files changed, 4 insertions, 9 deletions
@@ -166,15 +166,10 @@ team has addressed the vulnerability. The security team will acknowledge your email within 24 hours. You will receive a more detailed response within 48 hours. -There are no hard and fast rules to determine if a bug is worth reporting as -a security issue. The general rule is an issue worth reporting should allow an -attacker to compromise the confidentiality, integrity, or availability of the -Node.js application or its system for which the attacker does not already have -the capability. - -To illustrate the point, here are some examples of past issues and what the -Security Response Team thinks of them. When in doubt, however, please do send -us a report nonetheless. +There are no hard and fast rules to determine if a bug is worth reporting as a +security issue. Here are some examples of past issues and what the Security +Response Team thinks of them. When in doubt, please do send us a report +nonetheless. ### Public disclosure preferred |
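
Review bot: In the added paragraph, the sentence that most encourages reporting ("When in doubt, please do send us a report nonetheless.") sits last, after "There are no hard and fast rules" and the pointer to the examples, so a reader who stops at the first sentence still gets no guidance on whether to report. Since the removed lines carried the only stated criterion (compromise of confidentiality, integrity, or availability), consider leading the paragraph with the "When in doubt" sentence so the default action is clear before the examples. The wording can also be tightened: "please do send us a report nonetheless" reads more directly as "please send us a report". The new text otherwise wraps cleanly and keeps the "### Public disclosure preferred" heading that follows intact.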