From 706d6ddf0d3c8a9248fc1edbc3ff60bbc6ad7b93 Mon Sep 17 00:00:00 2001
From: Douglas Christopher Wilson
Date: Sun, 20 Mar 2022 23:07:27 -0400
Subject: [PATCH] docs: add security policy
---
 SECURITY.md | 24 ++++++++++++++++++++++++
 package.json | 1 +
 2 files changed, 25 insertions(+)
 create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..46b48f7
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,24 @@
+# Security Policies and Procedures
+
+## Reporting a Bug
+
+The `send` team and community take all security bugs seriously. Thank you
+for improving the security of Express. We appreciate your efforts and
+responsible disclosure and will make every effort to acknowledge your
+contributions.
+
+Report security bugs by emailing the current owner(s) of `send`. This information
+can be found in the npm registry using the command `npm owner ls send`.
+If unsure or unable to get the information from the above, open an issue
+in the [project issue tracker](https://github.com/pillarjs/send/issues)
+asking for the current contact information.
+
+To ensure the timely response to your report, please ensure that the entirety
+of the report is contained within the email body and not solely behind a web
+link or an attachment.
+
+At least one owner will acknowledge your email within 48 hours, and will send a
+more detailed response within 48 hours indicating the next steps in handling
+your report. After the initial reply to your report, the owners will
+endeavor to keep you informed of the progress towards a fix and full
+announcement, and may ask for additional information or guidance.
diff --git a/package.json b/package.json
index 98d1a75..124f111 100644
--- a/package.json
+++ b/package.json
@@ -47,6 +47,7 @@
 "HISTORY.md",
 "LICENSE",
 "README.md",
+ "SECURITY.md",
 "index.js"
 ],
 "engines": {