@MarcinHoppe
Last active February 7, 2020 08:25
Security reporting in OpenJS Foundation projects

Impact projects

| Projects | Security policy | Security reporting |
| --- | --- | --- |
| Appium | No | No |
| Dojo | No | No |
| Node.js | Yes | https://hackerone.com/nodejs |
| webpack | Yes | webpack@opencollective.com |
| jQuery | No | security@jquery.com (?) |

Growth projects

| Projects | Security policy | Security reporting |
| --- | --- | --- |
| architect | No | No |
| Intern | No | No |
| Mocha | No | Security label in issue tracker |
| Node-RED | Yes | team@nodered.org |
| webdriver | No | No |
| webhint | No | No |

Incubation projects

| Projects | Security policy | Security reporting |
| --- | --- | --- |
| AMP | Yes (Google) | https://www.google.com/about/appsecurity/ |
| Electron | Yes | security@electronjs.org |
| nvm | No | No |
| Fastify | Yes | https://hackerone.com/nodejs-ecosystem |

At-large projects

| Projects | Security policy | Security reporting |
| --- | --- | --- |
| ESLint | Yes (on H1) | https://hackerone.com/eslint |
| libuv | No | No |
| Esprima | No | No |
| Lodash | Yes | Several: https://hackerone.com/nodejs-ecosystem, https://snyk.io/vulnerability-disclosure, security@lodash.com |
| Express | Yes | npm, lead maintainer email |
| Marko | No | https://gitter.im/mlrawlings |
| Globalize | No | No |
| messageformat | No | No |
| Grunt | No | No |
| Moment | No | No |
| HospitalRun | No | No |
| PEP | No | No |
| Interledger.js | No | Security label in issue tracker (some) |
| QUnit | No | No |
| JerryScript | No | No |