Create a vulnerability disclosure policy #1784

Closed
fathyb opened this issue Jul 24, 2018 · 2 comments
Labels
🔥 Security 💬 RFC Request For Comments

Comments

@fathyb
Contributor

fathyb commented Jul 24, 2018

It'd be cool if we had:

  • an explicit document, both for maintainers and reporters (e.g. https://github.com/bugcrowd/disclosure-policy)
  • a mailbox redirecting to each maintainer's email address; public issues shouldn't be used for this
  • a tool like Snyk could also help prevent this ahead of time

Related #1783

@fathyb fathyb added 💬 RFC Request For Comments 🔥 Security labels Jul 24, 2018
@ghost

ghost commented Aug 18, 2018

AFAIK GitLab can do the mailbox thing

@DeMoorJasper
Member

DeMoorJasper commented Jul 21, 2020

Will close this due to inactivity. I don't really think it's that important for Parcel anyway, as it will never really be accessible from the outside world; the only real possible attack surface is third-party plugins, which is just a general danger of using npm.
