vuejs / v2.vuejs.org

📄 Documentation for Vue 2
https://v2.vuejs.org
MIT License

Security Policies #1751

Open bwokich opened 6 years ago

bwokich commented 6 years ago

I'm doing due diligence on Vue for my company and we are looking for some sort of security protocol documentation. Here's Angular's https://angular.io/guide/security

One of these would make our path to adopting the framework easier. I'm sure we're not the only company that would find this useful. The person I spoke to on discord said that I could at Chris, so I hope this is the right person! @chriscalo @chrisvfritz

bwokich commented 6 years ago

Here are examples from other frameworks:
Angularjs - https://angular.io/guide/security
React - FB has a bounty program https://www.facebook.com/whitehat/
Vue - MISSING
Emberjs - https://www.emberjs.com/security/
Meteor - https://guide.meteor.com/security.html
https://docs.djangoproject.com/en/2.1/internals/security/

TheLarkInn commented 6 years ago

Do you have a design that you have preferred the most from these pages? Perhaps this can help invoke some inspiration on where the Vue team wants to iterate from.

bwokich commented 6 years ago

I would promote similar to AngularJS' security page. React's bounty program is probably unrealistic for Vue. AngularJS puts forth basic web-security practices and has pieces that are framework-specific.

chrisvfritz commented 6 years ago

Thanks. 🙂 I'm designing this page now and should have something shortly.

bwokich commented 6 years ago

Hi Chris! Thanks for getting back to me. We really appreciate it.

Design doesn’t especially matter to us. The important part from our organization's perspective is publication of security concerns and risks along with best practices. Extra credit would be a response policy in the event that something goes wrong.

There was a bunch I saw out there and I think AngularJS' might be a good model for you. https://angular.io/guide/security React/FaceBook promote their reward program, but that’s probably unfeasible for Vue. AngularJS’ is pretty straightforward, simple and gets the job done.

Please feel free to reach out if there’s anything I can do to help.

Have a great day! Bryan Wokich Senior Web Developer Doctor On Demand bwokich@doctorondemand.com (360) 220-7025


chrisvfritz commented 6 years ago

@bwokich I have a draft for a security guide ready at #1760. Feedback is very welcome. 🙂

sarahdayan commented 4 years ago

Guide is here, for those wondering: https://vuejs.org/v2/guide/security.html