Skip to content

Commit

Permalink
doc: simplify security reporting text
Browse files Browse the repository at this point in the history
Edit security-reporting text in the README to keep it concise and
straightforward. The removed text may discourage reporting. Nothing like
it appears in similar security-reporting text that I have reviewed.
See, for example, the Linux kernel docs on security reporting:
https://www.kernel.org/doc/html/v4.11/admin-guide/security-bugs.html

PR-URL: nodejs#23686
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Ruben Bridgewater <[email protected]>
  • Loading branch information
Trott committed Oct 18, 2018
1 parent 72a48a2 commit d22ec11
Showing 1 changed file with 4 additions and 9 deletions.
13 changes: 4 additions & 9 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -166,15 +166,10 @@ team has addressed the vulnerability.
The security team will acknowledge your email within 24 hours. You will receive
a more detailed response within 48 hours.

There are no hard and fast rules to determine if a bug is worth reporting as
a security issue. The general rule is an issue worth reporting should allow an
attacker to compromise the confidentiality, integrity, or availability of the
Node.js application or its system for which the attacker does not already have
the capability.

To illustrate the point, here are some examples of past issues and what the
Security Response Team thinks of them. When in doubt, however, please do send
us a report nonetheless.
There are no hard and fast rules to determine if a bug is worth reporting as a
security issue. Here are some examples of past issues and what the Security
Response Team thinks of them. When in doubt, please do send us a report
nonetheless.


### Public disclosure preferred
Expand Down

0 comments on commit d22ec11

Please sign in to comment.