jerryscript-project / iotjs

Platform for Internet of Things with JavaScript http://www.iotjs.net

Process for Reporting Security Vulnerabilities #1893

Closed 4cad closed 5 years ago

4cad commented 5 years ago

What is the best way to report security bugs to your project? It is a generally good practice to avoid public issue trackers if possible when reporting vulnerabilities, but I cannot find any alternatives in your project documentation.

Thanks, Dane

LaszloLango commented 5 years ago

CC: @daeyeon @haesik

4cad commented 5 years ago

Any thoughts on this? I would prefer not to sit on vulnerabilities for too long after their discovery.

akosthekiss commented 5 years ago

@4cad Hi Dane, the project has no official private channels at the moment. You can track down my email address from my profile page and I might try and give feedback on whether to publicly report the vulnerability or not, but that's far from official. (Or you might try that with any of the other maintainers.)

4cad commented 5 years ago

@akosthekiss Sounds good - I will give you a ping tonight with the details.

akosthekiss commented 5 years ago

Issue discussed with @4cad via email. Closing this issue for now.