From 1945771f37ae213176fb5e6ab21223f237d99c6a Mon Sep 17 00:00:00 2001 From: Zeke Sikelianos Date: Mon, 30 Jan 2017 10:49:17 -0800 Subject: [PATCH] Add SECURITY.md --- SECURITY.md | 9 +++++++++ docs/tutorial/security.md | 5 +++++ 2 files changed, 14 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000000..ff2f1018423a --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,9 @@ +# Reporting Security Issues + +The Electron team and community take security bugs in Electron seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions. + +To report a security issue, email [electron@github.com](mailto:electron@github.com) and include the word "SECURITY" in the subject line. + +The Electron team will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance. + +Report security bugs in third-party modules to the person or team maintaining the module. You can also report a vulnerability through the [Node Security Project](https://nodesecurity.io/report). diff --git a/docs/tutorial/security.md b/docs/tutorial/security.md index 6962f79256aa..356ebf68f504 100644 --- a/docs/tutorial/security.md +++ b/docs/tutorial/security.md 
@@ -20,6 +20,11 @@ display primarily local content (or trusted, secure remote content without Node integration) – if your application executes code from an online source, it is your responsibility to ensure that the code is not malicious. +## Disclosing Security Vulnerabilities + +For information on how to properly disclose an Electron vulnerability, +see [SECURITY.md](https://github.com/electron/electron/tree/master/SECURITY.md) + ## Chromium Security Issues and Upgrades While Electron strives to support new versions of Chromium as soon as possible,
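Review bot: In the new SECURITY.md, the reporting paragraph offers only a plain mailbox, electron@github.com, with reports distinguished by the word "SECURITY" in the subject line, and the next paragraph promises "a response indicating the next steps" without a timeframe. Consider stating explicitly that vulnerabilities should not be filed as public issues, giving an expected acknowledgment window, and offering a confidential way to send details (for example a published PGP key), since a subject-line keyword is easy to omit and reports may contain sensitive technical detail.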
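Review bot: In the docs/tutorial/security.md hunk, the added link targets `tree/master/SECURITY.md`, but SECURITY.md is a file, so the canonical GitHub path is `blob/master/SECURITY.md`; the sentence ending in that link also lacks a closing period. Since this section is the only pointer from the security tutorial to the disclosure process, it would help to repeat the one essential instruction here (report privately by email, not in a public issue) so readers who do not follow the link still see it.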