Skip to end of banner Go to start of banner

Security Team

Skip to end of metadata

Created by David Huseby, last modified on Jan 21, 2019

Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Policies and Procedures

Two volunteer developers from each team.
12 month commitment.
Help triage and respond to reports following the responsible disclosure policies and procedures.

Responsible Disclosure

48 hours to respond to reporter acknowledging the report.
1 week to triage, report, and coordinate with the affected project maintainers to plan the fix of the bug.
90 days to fix and release a fix or disclose the security bug.
Any "critical" errors shall be assigned a CVE number and disclosed through the formal CVE system.

Current Team Members

(List)

No labels