Commit

Merge pull request #396 from davedbase/patch-1
Create SECURITY.md
ryansolid authored Jan 19, 2025
2 parents 1da3855 + 31dc545 commit cf4c628
Showing 1 changed file with 25 additions and 0 deletions.
25 changes: 25 additions & 0 deletions SECURITY.md
@@ -0,0 +1,25 @@
Thanks for helping make the dom-expressions project safe for everyone. This project is managed by Ryan Carniato and the SolidJS Security Team.

# Security

SolidJS takes the security of our software seriously, including all of the open source code repositories managed through [this GitHub organization](https://github.com/solidjs).

## Reporting a Vulnerability

<ins>**If you think you've found a security issue, please DO NOT report, discuss, or describe it on Discord or GitHub.**<ins>

**All security-related issues, concerns, and problems must be reported via email to: [email protected]**

Please include everything necessary to reproduce the problem when sending over information, including an example repository on StackBlitz or GitHub. Please don't add explicit details about the security issue you are reporting in any of the repository's contents.

**_This is detrimental to the safety of all Solid users. No exceptions._**

## Embargo Policy

SolidJS's Security Team members must share information only within the Solid Core and Security teams on a need-to-know basis to fix the related issue in Solid. The information members and others receive through participation in this group must not be made public, shared, or even hinted otherwise, except with prior explicit approval (which shall be handled on a case-by-case basis). This holds true until the agreed-upon public disclosure date/time is satisfied.

As a clarifying example, this policy forbids Solid Security members from sharing list information with their employers; unless prior arrangements have been made directly with an employer.

In the unfortunate event that you share the information beyond what is allowed by this policy, you must urgently inform the Solid Security Team of exactly what information leaked and to whom, as well as the steps that will be taken to prevent future leaks.

**Repeated offenses may lead to the removal from the Security or Solid team.**
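
Review bot: The emphasis wrapper around the "DO NOT report" sentence under "Reporting a Vulnerability" opens with `<ins>` and ends with a second `<ins>` instead of `</ins>`, so the element is never closed; change the trailing tag to `</ins>`. In the Embargo Policy, "sharing list information with their employers" refers to a list the file never defines, and the semicolon before "unless" should be a comma; stating what is covered (for example, report details received by the Security Team) would make the rule easier to apply. The policy also depends on an "agreed-upon public disclosure date/time" without saying who sets it or when a reporter can expect an acknowledgement, which deserves a sentence in the reporting section.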
