tinyfilemanager/SECURITY.md

# Security Policy

## Reporting a Vulnerability

The team takes security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

To report a security issue, email ccpprogrammers[at]gmail.com and include the word "SECURITY" in the subject line.

The team will send a response indicating the next steps in handling your report. After the initial reply to your report you will be kept informed of the progress towards a fix and full announcement.

Report security bugs in third-party modules to the person or team maintaining the module.

## Disclosure Policy

When the security team receives a security bug report, they will assign it to a
primary handler. This person will coordinate the fix and release process,
involving the following steps:

  * Confirm the problem and determine the affected versions.
  * Audit code to find any potential similar problems.
  * Prepare fixes for all releases still under maintenance. These fixes will be
    released as fast as possible to npm.

## Comments on this Policy

If you have suggestions on how this process could be improved please submit a
pull request.
Create SECURITY.md 2019-12-27 17:11:49 +01:00			`# Security Policy`

			`## Reporting a Vulnerability`

			`The team takes security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.`

Update SECURITY.md 2020-05-14 05:27:29 +02:00			`To report a security issue, email ccpprogrammers[at]gmail.com and include the word "SECURITY" in the subject line.`
Create SECURITY.md 2019-12-27 17:11:49 +01:00
			`The team will send a response indicating the next steps in handling your report. After the initial reply to your report you will be kept informed of the progress towards a fix and full announcement.`

			`Report security bugs in third-party modules to the person or team maintaining the module.`

			`## Disclosure Policy`

			`When the security team receives a security bug report, they will assign it to a`
			`primary handler. This person will coordinate the fix and release process,`
			`involving the following steps:`

			`* Confirm the problem and determine the affected versions.`
			`* Audit code to find any potential similar problems.`
			`* Prepare fixes for all releases still under maintenance. These fixes will be`
			`released as fast as possible to npm.`

			`## Comments on this Policy`

			`If you have suggestions on how this process could be improved please submit a`
			`pull request.`