archive-gh-me/marko
1
0
Fork 0
mirror of https://github.com/marko-js/marko.git synced 2025-12-08 19:26:05 +00:00
Code Issues Projects Releases Wiki Activity

docs: add a security policy

Browse Source
This commit is contained in:
Ulises Gascón 2025-09-15 12:16:36 +02:00 committed by Dylan Piercey
parent 7c30ff1422
commit 571d1aa982
1 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
SECURITY.md Normal file
View File

@ -0,0 +1,26 @@
# Security Policy
## Reporting a Vulnerability
Please report security issues **privately** using GitHubs **Report a vulnerability** form on this repository (Security tab).
**Do not** file public GitHub issues for security problems.
When reporting, please include:
- Affected project/repo and version(s)
- Impact and component(s) involved
- Reproduction steps or PoC (if available)
- Your contact and preferred credit name
If you do not receive an acknowledgement of your report within **6 business days**, or if you cannot find a private security contact for the project, you may **escalate to the OpenJS Foundation CNA** at `security@lists.openjsf.org`.
If the project acknowledges your report but does not provide any further response or engagement within **14 days**, escalation is also appropriate.
## Coordination & Disclosure
We follow coordinated vulnerability disclosure:
- We will acknowledge your report, assess impact, and work on a fix.
- We aim to provide status updates at reasonable intervals until resolution.
- We will publish a security advisory (and **CVE via the OpenJS CNA when applicable**) once a fix or mitigation is available. We credit reporters by default unless you request otherwise.