docs: remove Node.js Ecosystem HackerOne program #789

28 changes: 0 additions & 28 deletions README.md
Expand Up @@ -10,17 +10,13 @@
Table of Contents

- Vulnerability Management
* [Responsible Disclosure Policy](./processes/responsible_disclosure_template.md)
* [Third-Party Ecosystem Triage Process](./processes/third_party_vuln_process.md)
* [Third-Party HackerOne Submission form](./processes/third_party_vuln_submit_form_hacker1.md)
* [Vulnerability Database](./processes/vuln_db.md)
* [Recognition for Security Researchers](./processes/recognition.md)
- Processes for Security WG Members
* [Security Team Membership Policy](./processes/security_team_membership_policy.md)
* [On-boarding Team Members](./processes/wg_onboarding.md)
* [Off-boarding Team Members](./processes/wg_offboarding.md)
- [Node.js Bug Bounty Program](#nodejs-bug-bounty-program)
- [Participate in Responsible Security Disclosure](#participate-in-responsible-security-disclosure)
- [Charter](#charter)
- [Code of Conduct](#code-of-conduct)
- [Moderation Policy](#moderation-policy)
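Review bot: the `Third-Party HackerOne Submission form` entry links `./processes/third_party_vuln_submit_form_hacker1.md`, but that file is not among the deleted files shown for this PR (`bug_bounty_criteria.md`, `responsible_disclosure_template.md`, `third_party_triage_guidelines.md`, `third_party_vuln_process.md`). If the entry is dropped from the table of contents, delete the form as well, otherwise it stays in the repository as an unlinked page that still points reporters at the ecosystem program. Also confirm every entry that remains still resolves: `responsible_disclosure_template.md` is deleted here, so the `Responsible Disclosure Policy` link has to go with it.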
Expand All @@ -38,9 +34,6 @@ Responsibilities include:
* Ensure the vulnerability data is updated in an efficient and timely manner. For example, ensuring there
are well-documented processes for reporting vulnerabilities in community
modules.
* Define and maintain policies and procedures for the coordination of security
concerns within the external Node.js open source ecosystem.
* Offer help to npm package maintainers to fix high-impact security bugs.
* Maintain and make available data on disclosed security vulnerabilities in:
* the core Node.js project
* other projects maintained by the Node.js Foundation technical group
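Review bot: the bullet at the top of this hunk still promises "well-documented processes for reporting vulnerabilities in community modules", while the hunk drops three lines (9 to 6), the ecosystem-coordination and npm-maintainer bullets, and the PR deletes `processes/third_party_vuln_process.md`. Reword that remaining bullet, or state where reports against community modules should go now, so the responsibilities list does not describe a process the repository no longer documents.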
Expand All @@ -55,20 +48,8 @@ the [Node.js TSC][].

## Node.js Bug Bounty Program

The Node.js project engages in an official bug bounty program for security researchers and responsible public disclosures. We have established a first draft of accepted criteria and npm modules and projects that are eligible for monetary reward at [Bug Bounty Criteria](./processes/bug_bounty_criteria.md).

The program is managed through the HackerOne platform at [https://hackerone.com/nodejs](https://hackerone.com/nodejs) with further details.

## Participate in Responsible Security Disclosure

As a module author you can provide your users with security guidelines regarding any exposures and vulnerabilities in your project, based on a responsible disclosure policy [document](https://github.com/nodejs/security-wg/blob/e2c03e62d73635a766156c6ea4f9aefb35c04603/processes/responsible_disclosure_template.md) we've already put in place.

You can show your users you take security matters seriously and drive higher confidence by following any of the below suggested actions:

1. Adding a `SECURITY.md` file in your repository that you can copy&paste from [us](https://github.com/nodejs/security-wg/blob/e2c03e62d73635a766156c6ea4f9aefb35c04603/processes/responsible_disclosure_template.md). Just like having a contribution of code of conduct guidelines, a security guideline will help user or bug hunters with the process of reporting a vulnerability or security concern they would like to share.

2. Adding our Responsible Security Dislosure badge to your project's README which links to the `SECURITY.md` document.

## Current Project Team Members

* [ChALkeR](https://github.com/ChALkeR) - **Сковорода Никита Андреевич**
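Review bot: the `Node.js Bug Bounty Program` section loses its statement of what is eligible. The hunk header keeps 8 of the 20 lines, so the heading appears to stay while the paragraph linking `./processes/bug_bounty_criteria.md` is removed, and that file is deleted in this PR. If the sentence pointing at `https://hackerone.com/nodejs` is what remains, it ends in "with further details" with nothing before it; add one sentence saying what the remaining program covers, or reword the line so it stands on its own.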
Expand Down Expand Up @@ -110,14 +91,6 @@ You can show your users you take security matters seriously and drive higher con
* [shigeki](https://github.com/shigeki) - **Shigeki Ohtsu**
* [sam-github](https://github.com/sam-github) - **Sam Roberts**

## Ecosystem Vulnerability Triage Team

Note that membership in the Ecosystem Security WG does not automatically give access to
undisclosed vulnerabilities on HackerOne

* [*Ecosystem Vulnerabilities*](https://hackerone.com/nodejs-ecosystem):
Managed by the [Ecosystem Triage Team][].

# Code of Conduct

The [Node.js Code of Conduct](https://github.com/nodejs/admin/blob/master/CODE_OF_CONDUCT.md) applies to this WG.
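Review bot: the removed `Ecosystem Vulnerability Triage Team` section carries the only statement in the lines shown that WG membership "does not automatically give access to undisclosed vulnerabilities on HackerOne". If that restriction also holds for the program that remains, keep a one-line note to that effect under the team members list so the access boundary stays documented.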
Expand All @@ -127,4 +100,3 @@ The [Node.js Code of Conduct](https://github.com/nodejs/admin/blob/master/CODE_O
The [Node.js Moderation Policy](https://github.com/nodejs/admin/blob/master/Moderation-Policy.md) applies to this WG.

[Node.js TSC]: https://github.com/nodejs/TSC
[Ecosystem Triage Team]: processes/third_party_vuln_process.md#members
59 changes: 0 additions & 59 deletions processes/bug_bounty_criteria.md

This file was deleted.

21 changes: 0 additions & 21 deletions processes/responsible_disclosure_template.md

This file was deleted.

51 changes: 0 additions & 51 deletions processes/third_party_triage_guidelines.md

This file was deleted.

156 changes: 0 additions & 156 deletions processes/third_party_vuln_process.md

This file was deleted.
