Skip to content

Commit 8eef3e2

Browse files
RafaelGSSRafaelGSS
committed
doc: add minimal SECURITY md
1 parent 6cabc97 commit 8eef3e2

1 file changed

Lines changed: 20 additions & 0 deletions

File tree

SECURITY.md

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
# Security
2+
3+
## Reporting a vulnerability to Node.js Website
4+
5+
Please report security issues **privately** using the **GitHub Security Advisory**
6+
workflow (Security → “Report a vulnerability”).
7+
8+
Do **not** open a public GitHub issue for security problems.
9+
10+
We aim to acknowledge reports within **7 business days**.
11+
If you do **not** receive an acknowledgement within **7 business days**,
12+
forward your report to **[tsc@nodejs.org](mailto:tsc@nodejs.org)**.
13+
14+
## Disclosure & advisories
15+
16+
Confirmed vulnerabilities will be published as a **GitHub Security Advisory**
17+
(and assigned a CVE when applicable). Notices are also shared via:
18+
19+
- Node.js blog advisories: [https://nodejs.org/blog/vulnerability/](https://nodejs.org/blog/vulnerability/)
20+
when necessary.

0 commit comments

Comments
 (0)