forked from withastro/astro
-
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
84275e0
commit d3ceb61
Showing
2 changed files
with
5 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,7 @@ | ||
| # Astro Security | ||
|
|
||
| ## Reporting a Vulnerability | ||
|
|
||
| To report a security issue, please email [email protected] with a detailed description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. | ||
|
|
||
| Please remember to include everything required for us to reproduce the issue, including but not limited to a publicly accessible git repository and/or StackBlitz repository. All code samples shared with our Security team will only be used to verify and diagnose the issue and will not be publicly shared with anyone outside of Astro's teams. Astro's Security Team members may share information only within the Astro teams on a need-to-know basis to fix the related issue in Astro. | ||
|
|
@@ -13,7 +15,8 @@ This project follows a 90 day disclosure timeline. | |
| **_This is detrimental to the safety of all Astro users. No exceptions._** | ||
|
|
||
| ## Embargo Policy | ||
| The information members and others receive through participation in this group must not be made public, shared, or even hinted otherwise, except with prior explicit approval (which shall be handled on a case-by-case basis). This holds true until the agreed-upon public disclosure date/time is satisfied. | ||
|
|
||
| The information members and others receive through participation in this group must not be made public, shared, or even hinted otherwise, except with prior explicit approval (which shall be handled on a case-by-case basis). This holds true until the agreed-upon public disclosure date/time is satisfied. | ||
|
|
||
| As a clarifying example, this policy forbids Astro Security members from sharing list information with their employers; unless prior arrangements have been made directly with an employer. | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters