Name: security-wg
Owner: Node.js Foundation
Description: Node.js Security Working Group
Created: 2016-11-29 15:16:52.0
Updated: 2018-05-22 23:57:35.0
Pushed: 2018-05-22 23:57:33.0
Homepage: null
Size: 540
Language: JavaScript
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
Note: this group is in the process of seeking Charter by the TSC (https://github.com/nodejs/TSC/issues/486)
The Security Working Group's purpose is to achieve the highest level of security for Node.js and community modules.
Its responsibilities are:
The Node.js Security Working Group is not responsible for managing incoming security reports to the security@nodejs.org address, nor is it privy to or responsible for preparing embargoed security patches and releases.
The Node.js TSC maintains primary responsibility for the management of private security activities for Node.js core but relies on the Node.js Security Working Group to recommend and help maintain policies and procedures for that management.
The Node.js project engages in an official bug bounty program for security researchers and responsible public disclosures.
The program is managed through the HackerOne platform at https://hackerone.com/nodejs with further details.
As a module author you can provide your users with security guidelines regarding any exposures and vulnerabilities in your project, based on a responsible dislcosure policy document we've already put in place.
You can show your users you take security matters seriously and drive higher confidence by following any of the below suggested actions:
Adding a SECURITY.md
file in your repository that you can copy&paste from us. Just like having a contribution of code of conduct guidelines, a security guideline will help user or bug hunters with the process of reporting a vulnerability or security concern they would like to share.
Adding our Responsible Security Dislosure badge to your project's README which links to the SECURITY.md
document.