github/electron
1
1
Fork 0
mirror of https://github.com/electron/electron.git synced 2026-01-05 05:34:14 -05:00
Code Issues Packages Projects Releases Wiki Activity

docs: add security escalation policy (#48317)

Browse Source
This commit is contained in:
Ulises Gascón
2025-10-09 00:19:07 +02:00
committed by GitHub
parent a87ee21f5c
commit ffbae02a95
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
SECURITY.md
View File

@@ -8,6 +8,12 @@ The Electron team will send a response indicating the next steps in handling you
Report security bugs in third-party modules to the person or team maintaining the module. You can also report a vulnerability through the [npm contact form](https://www.npmjs.com/support) by selecting "I'm reporting a security vulnerability".
## Escalation
If you do not receive an acknowledgement of your report within 6 business days, or if you cannot find a private security contact for the project, you may escalate to the OpenJS Foundation CNA at `security@lists.openjsf.org`.
If the project acknowledges your report but does not provide any further response or engagement within 14 days, escalation is also appropriate.
## The Electron Security Notification Process
For context on Electron's security notification process, please see the [Notifications](https://github.com/electron/governance/blob/main/wg-security/membership-and-notifications.md#notifications) section of the Security WG's [Membership and Notifications](https://github.com/electron/governance/blob/main/wg-security/membership-and-notifications.md) Governance document.