doc: revise security-reporting text in README
Simplify and clarify the security-reporting text in the README. Now is also probably a good time to ping the security triage folks to make sure the text is still accurate. PR-URL: https://github.com/nodejs/node/pull/23407 Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com> Reviewed-By: Yuta Hiroto <hello@hiroppy.me> Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
This commit is contained in:
Rich Trott
parent
714c1b88d2
commit
bcbb9370dd
11
README.md
11
README.md
@ -159,13 +159,12 @@ source and a list of supported platforms.
|
|||||||
|
|
||||||
## Security
|
## Security
|
||||||
|
|
||||||
Security flaws in Node.js should be reported by emailing security@nodejs.org.
|
If you find a security vulnerability in Node.js, please report it to
|
||||||
Please do not disclose security bugs publicly until they have been handled by
|
security@nodejs.org. Please withhold public disclosure until after the security
|
||||||
the security team.
|
team has addressed the vulnerability.
|
||||||
|
|
||||||
Your email will be acknowledged within 24 hours, and you will receive a more
|
The security team will acknowledge your email within 24 hours. You will receive
|
||||||
detailed response to your email within 48 hours indicating the next steps in
|
a more detailed response within 48 hours.
|
||||||
handling your report.
|
|
||||||
|
|
||||||
There are no hard and fast rules to determine if a bug is worth reporting as
|
There are no hard and fast rules to determine if a bug is worth reporting as
|
||||||
a security issue. The general rule is an issue worth reporting should allow an
|
a security issue. The general rule is an issue worth reporting should allow an
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user