Closed
Description
- If I find a critical vulnerability in Sails how should I communicate it to the core team?
- What guarantees are given about time to a patch?
- Will reporters be credited for their work in finding a vulnerability?
- How are critical security vulnerabilities disclosed to the community?
- Are vulnerabilities given a CVE number?
- Once you write a page like this, how can I be expected to find it?
Here is an example of what a page like this should look like: http://docs.python-requests.org/en/latest/community/vulnerabilities/