docs(security): add responsible disclosure policy (#11300)
lirantal authored and sushantdhiman committed Aug 11, 2019
1 parent 592099d commit 29eb1c8
Showing 2 changed files with 25 additions and 1 deletion.
2 changes: 1 addition & 1 deletion README.md
@@ -50,7 +50,7 @@ $ npm install --save tedious # Microsoft SQL Server
- [Contributing](https://github.com/sequelize/sequelize/blob/master/CONTRIBUTING.md)

## Responsible disclosure
If you have any security issue to report, contact project maintainers privately. You can find contact information in [CONTACT.md](https://github.com/sequelize/sequelize/blob/master/CONTACT.md).
If you have security issues to report please refer to our [Responsible Disclosure Policy](./SECURITY.md) for more details.

## Resources

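Review bot: the replacement line "If you have security issues to report please refer to our Responsible Disclosure Policy for more details" needs a comma after "report". The removed line also told reporters where to find the maintainers' private contact details, so the new wording only works if SECURITY.md carries or links that information (it does link ./CONTACT.md in this commit; keep the two in sync if CONTACT.md ever moves). Separately, the link uses the relative form `./SECURITY.md` while the Contributing entry just above uses an absolute `https://github.com/sequelize/sequelize/blob/master/...` URL; the relative link only resolves where the README is rendered next to the repository checkout, so consider the same absolute form for consistency.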
24 changes: 24 additions & 0 deletions SECURITY.md
@@ -0,0 +1,24 @@
# Security Policy

## Supported versions

The following table describes the versions of this project that are currently supported with security updates:

| Version | Supported |
| ------- | ------------------ |
| 3.x | :heavy_check_mark: |
| 4.x | :heavy_check_mark: |
| 5.x | :heavy_check_mark: |

## Responsible disclosure policy

At Sequelize, we prioritize security issues and will try to fix them as soon as they are disclosed.

If you discover a security vulnerability, please reach the project maintainers privately. You can find related information in [CONTACT.md](./CONTACT.md).

After validating & discussing scope of security vulnerability, we will set a time-frame for patch distribution. This time-frame may vary depending upon the nature of vulnerability.

Once effected versions are patched you may report security issue to any Node.js security vulnerability database. A few which we have worked with in past are listed below.

- [NPM](https://www.npmjs.com/advisories/report)
- [Snyk.io](https://snyk.io/vulnerability-disclosure)
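Review bot: spelling and grammar in the disclosure policy text: "effected versions" should be "affected versions", "reach the project maintainers privately" should be "contact the project maintainers privately", and "scope of security vulnerability", "nature of vulnerability" and "report security issue" are each missing an article ("the scope of the", "the nature of the", "the security issue"). In the supported-versions table every listed row is a check mark and no row marks anything as unsupported, so a reader cannot tell whether releases older than 3.x still receive security updates; an explicit row such as `| < 3.0 | :x: |` would remove the ambiguity. The policy also gives reporters no expected acknowledgement time for a private report; stating one next to the patch-distribution time-frame tells reporters what to expect before the issue is made public.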

0 comments on commit 29eb1c8