From 79f08cc16a4e19e6c525a29d3444684e59968e7e Mon Sep 17 00:00:00 2001 From: Thomas GENTILHOMME Date: Wed, 31 Aug 2022 21:55:05 +0200 Subject: [PATCH] fix: remove Node.js security WG disclosure program --- README.md | 2 -- SECURITY.md | 16 ---------------- 2 files changed, 18 deletions(-) delete mode 100644 SECURITY.md diff --git a/README.md b/README.md index a2a434b..9cc3a47 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,6 @@ # lstree ![version](https://img.shields.io/badge/dynamic/json.svg?url=https://raw.githubusercontent.com/TopCli/lstree/master/package.json&query=$.version&label=Version) [![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://github.com/TopCli/lstree/commit-activity) -[![Security Responsible Disclosure](https://img.shields.io/badge/Security-Responsible%20Disclosure-yellow.svg)](https://github.com/nodejs/security-wg/blob/master/processes/responsible_disclosure_template.md -) [![mit](https://img.shields.io/github/license/Naereen/StrapDown.js.svg)](https://github.com/TopCli/lstree/blob/master/LICENSE) ![build](https://img.shields.io/github/workflow/status/TopCli/lstree/Node.js%20CI) diff --git a/SECURITY.md b/SECURITY.md deleted file mode 100644 index 8fd9300..0000000 --- a/SECURITY.md +++ /dev/null @@ -1,16 +0,0 @@ -This project participates in the Responsible Disclosure Policy program for the Node.js Security Ecosystem. - -# Responsible Disclosure Policy - -A responsible disclosure policy helps protect the project and its users from security vulnerabilities discovered in the project’s scope by employing a process where vulnerabilities are publicly disclosed after a reasonable time period to allow patching the vulnerability. - -All security bugs are taken seriously and are considered as top priority. -Your efforts to responsibly disclose your findings are appreciated and will be taken into account to acknowledge your contributions. - - -## Reporting a Security Issue - -Any security related issue should be reported to the [Node.js Ecosystem](https://hackerone.com/nodejs-ecosystem -) program hosted on HackerOne which follows the [3rd party responsible disclosure process](https://github.com/nodejs/security-wg/blob/master/processes/third_party_vuln_process.md) set by the Node.js Security WG. One may also directly contact the project’s maintainers, but through the HackerOne program the Security WG members will take care of triaging the vulnerability and invite project maintainers to participate in the report. - -As an alternative method, vulnerabilities can also be reported by emailing security-ecosystem@nodejs.org.