From 378147391f32a440ae12b225be582250d8b883ec Mon Sep 17 00:00:00 2001 From: David Dooling Date: Tue, 18 Jun 2019 21:02:10 +0000 Subject: [PATCH] Autofix: Add community files [atomist:generated] [atomist:autofix=add_community_files] --- SECURITY.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..204ca62 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,38 @@ +# Atomist Open Source Security Policies and Procedures + +This document outlines security procedures and general policies for the +Atomist Open Source projects as found on https://github.com/atomist. + + * [Reporting a Vulnerability](#reporting-a-vulnerability) + * [Disclosure Policy](#disclosure-policy) + +## Reporting a Vulnerability + +The Atomist OSS team and community take all security vulnerabilities +seriously. Thank you for improving the security of our open source +software. We appreciate your efforts and responsible disclosure and will +make every effort to acknowledge your contributions. + +Report security vulnerabilities by emailing the Atomist security team at: + + security@atomist.com + +The lead maintainer will acknowledge your email within 24 hours, and will +send a more detailed response within 48 hours indicating the next steps in +handling your report. After the initial reply to your report, the security +team will endeavor to keep you informed of the progress towards a fix and +full announcement, and may ask for additional information or guidance. + +Report security vulnerabilities in third-party modules to the person or +team maintaining the module. + +## Disclosure Policy + +When the security team receives a security bug report, they will assign it +to a primary handler. This person will coordinate the fix and release +process, involving the following steps: + + * Confirm the problem and determine the affected versions. + * Audit code to find any potential similar problems. + * Prepare fixes for all releases still under maintenance. These fixes + will be released as fast as possible to NPM.