Mirrors/lodash
1
0
Fork 0
mirror of https://github.com/whoisclebs/lodash.git synced 2026-01-29 06:27:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs: add security escalation policy (#6025)

Browse Source
This commit is contained in:
Ulises Gascón
2025-10-27 11:24:14 +01:00
committed by GitHub
parent 61ff26e089
commit 519b3d1f0d
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
SECURITY.md
View File

@@ -33,3 +33,9 @@ directly to the Lodash maintainers through the [Security tab](https://github.com
repository.
Your efforts to responsibly disclose your findings are sincerely appreciated.
## Escalation
If you do not receive an acknowledgement of your report within 6 business days, or if you cannot find a private security contact for the project, you may escalate to the OpenJS Foundation CNA at `security@lists.openjsf.org`.
If the project acknowledges your report but does not provide any further response or engagement within 14 days, escalation is also appropriate.