This document describes security procedures and general policies for the Vkrun project.
The team takes all Vkrun security bugs seriously. Thank you for improving the security of Vkrun. We appreciate your efforts and responsible disclosure and will make every effort to recognize your contributions.
Report security bugs by sending an email to the main maintainer in the README-pt.md file.
To ensure a timely response to your report, please make sure the entire report is contained within the body of the email and not just behind a web link or attachment.
The main maintainer will confirm your email within 72 hours and send a more detailed response within 72 hours indicating the next steps in handling your report. After the initial response to your report, the security team will strive to keep you informed about progress towards a fix and full disclosure, and may request additional information or guidance.
Report security bugs in third-party modules to the person or team maintaining the module.
When the security team receives a security bug report, they will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps:
- Confirm the issue and determine the affected versions.
- Audit the code to find potential similar issues.
- Prepare fixes for all versions still in maintenance. These fixes will be released as soon as possible to npm and yarn.
If you have suggestions on how this process can be improved, submit a Pull Request.