Skip to content

Write and publish responsible disclosure policy #2830

Closed
@kevinburkeshyp

Description

@kevinburkeshyp
  • If I find a critical vulnerability in Sails how should I communicate it to the core team?
  • What guarantees are given about time to a patch?
  • Will reporters be credited for their work in finding a vulnerability?
  • How are critical security vulnerabilities disclosed to the community?
  • Are vulnerabilities given a CVE number?
  • Once you write a page like this, how can I be expected to find it?

Here is an example of what a page like this should look like: http://docs.python-requests.org/en/latest/community/vulnerabilities/

Metadata

Metadata

Assignees

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions