36 lines
1.3 KiB
Markdown
36 lines
1.3 KiB
Markdown
# Security Policies and Procedures
|
|
|
|
## Reporting a Bug
|
|
|
|
We take all security bugs in systeminformation seriously.
|
|
Thank you for improving the security of systeminformation. We appreciate your efforts and
|
|
responsible disclosure and will make every effort to acknowledge your
|
|
contributions.
|
|
|
|
To ensure the timely response to your report, please ensure that the entirety
|
|
of the report is contained, when reporting a security issue.
|
|
|
|
Report security bugs in third-party modules to the person or team maintaining
|
|
the module.
|
|
|
|
## Pre-release Versions
|
|
|
|
Alpha and Beta releases are unstable and **not suitable for production use**.
|
|
Vulnerabilities found in pre-releases should be reported according to the [Reporting a Bug](#reporting-a-bug) section.
|
|
Due to the unstable nature of the branch it is not guaranteed that any fixes will be released in the next pre-release.
|
|
|
|
## Disclosure Policy
|
|
|
|
When we will receiving a security bug report, we will coordinate the fix and release process,
|
|
involving the following steps:
|
|
|
|
* Confirm the problem and determine the affected versions.
|
|
* Audit code to find any potential similar problems.
|
|
* Prepare fixes for all releases still under maintenance. These fixes will be
|
|
released as fast as possible to npm.
|
|
|
|
## Comments on this Policy
|
|
|
|
If you have suggestions on how this process could be improved please submit a
|
|
pull request.
|