From 649ac1900b2025de4a72a5c4dc967c798d94d73e Mon Sep 17 00:00:00 2001 From: Feross Aboukhadijeh Date: Tue, 13 Aug 2019 15:15:18 -0700 Subject: [PATCH] use org-wide security file --- SECURITY.md | 42 ------------------------------------------ 1 file changed, 42 deletions(-) delete mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md deleted file mode 100644 index fd097c36..00000000 --- a/SECURITY.md +++ /dev/null @@ -1,42 +0,0 @@ -# Security Policies and Procedures - -This document outlines security procedures and general policies for the WebTorrent -project. - - * [Reporting a Bug](#reporting-a-bug) - * [Disclosure Policy](#disclosure-policy) - * [Comments on this Policy](#comments-on-this-policy) - -## Reporting a Bug - -The WebTorrent team and community take all security bugs in WebTorrent seriously. -Thank you for improving the security of WebTorrent. We appreciate your efforts and -responsible disclosure and will make every effort to acknowledge your -contributions. - -Report security bugs by emailing the lead maintainer at feross@feross.org. - -The lead maintainer will acknowledge your email within 48 hours, and will send a -more detailed response within 48 hours indicating the next steps in handling -your report. After the initial reply to your report, the security team will -endeavor to keep you informed of the progress towards a fix and full -announcement, and may ask for additional information or guidance. - -Report security bugs in third-party modules to the person or team maintaining -the module. - -## Disclosure Policy - -When the security team receives a security bug report, they will assign it to a -primary handler. This person will coordinate the fix and release process, -involving the following steps: - - * Confirm the problem and determine the affected versions. - * Audit code to find any potential similar problems. - * Prepare fixes for all releases still under maintenance. These fixes will be - released as fast as possible to npm. - -## Comments on this Policy - -If you have suggestions on how this process could be improved please submit a -pull request.