1 parent 6a91a05, commit f0fd9e1

Showing 4 changed files with 48 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
# JSON5 Security Policy | ||
|
||
We take security seriously. Responsible reporting and disclosure of security | ||
vulnerabilities is important for the protection and privacy of our users. If you | ||
discover any security vulnerabilities, please follow these guidelines. | ||
|
||
To report a vulnerability, we recommend submitting a report to Snyk using their | ||
[vulnerability disclosure form](https://snyk.io/vulnerability-disclosure/). | ||
Snyk's security team will validate the vulnerability and coordinate with you and | ||
us to fix it, release a patch, and responsibly disclose the vulnerability. Read | ||
Snyk's | ||
[Vulnerability Disclosure Policy](https://docs.snyk.io/more-info/disclosing-vulnerabilities/disclose-a-vulnerability-in-an-open-source-package) | ||
for details. | ||
|
||
We also request that you send an email to | ||
[[email protected]](mailto:[email protected]) detailing the vulnerability. | ||
This ensures that we can begin work on a fix as soon as possible without waiting | ||
for Snyk to contact us. | ||
|
||
Please do not report undisclosed vulnerabilities on public sites or forums, | ||
including GitHub issues and pull requests. Reporting vulnerabilities to the | ||
public could allow attackers to exploit vulnerable applications before we have | ||
been able to release a patch and before applications have had time to install | ||
the patch. Once we have released a patch and sufficient time has passed for | ||
applications to install the patch, we will disclose the vulnerability to the | ||
public, at which time you will be free to publish details of the vulnerability | ||
on public sites and forums. | ||
|
||
If you have a fix for a security vulnerability, please do not submit a GitHub | ||
pull request. Instead, report the vulnerability as described in this policy and | ||
include a potential fix in the report. Once the vulnerability has been verified | ||
and a disclosure timeline has been decided, we will contact you to see if you | ||
would like to submit a pull request. | ||
|
||
We appreciate your cooperation in helping keep our users safe by following this | ||
policy. |
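
Review bot: The disclosure paragraph ("Once we have released a patch and sufficient time has passed for applications to install the patch") leaves the embargo open-ended, and nothing in the policy says how quickly a report will be acknowledged. Suggest stating an acknowledgment window and an upper bound on the time before public disclosure, so reporters know when they are free to publish. The e-mail paragraph also asks for vulnerability details by e-mail without offering an encrypted option such as a published PGP key. Since reporters are asked to use both the Snyk form and e-mail, it would help to say which channel sets the disclosure timeline.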