Node.js
How should Triagers handle premature disclosures? #53501
Unanswered
avivkeller
asked this question in
General
Replies: 1 comment 1 reply
-
|
FWIW, for Collaborators the process is https://github.com/nodejs/node/blob/main/doc/contributing/collaborator-guide.md#managing-security-issues |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
The main issue with that is that we can't transfer issues over, but there's no dedicated way to let the security team know without letting the whole world know, or causing noise for a single security team member Maybe a Node.js member only slack channel? |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
CC @nodejs/security-wg
How should the triage team address potential premature disclosures? We regularly monitor the nodejs repositories for new issues, and sometimes these issues could be premature disclosures. What actions should we take in these instances?
Currently, I inform a security team member when I suspect a premature disclosure. Is there a more effective protocol for this, or is what I'm doing correct?
Beta Was this translation helpful? Give feedback.
All reactions