Page tree
Skip to end of metadata
Go to start of metadata

Policies and Procedures

  • Two volunteer developers from each team.
  • 12 month commitment.
  • Help triage and respond to reports following the responsible disclosure policies and procedures.
  • Keep the reporter informed of the status of their report by sending updates at a minimum of one per week.

Responsible Disclosure

  • 48 hours to respond to reporter acknowledging the report.
  • 1 week to triage, report, and coordinate with the affected project maintainers to plan the fix of the bug.
  • 90 days to fix and release a fix or disclose the security bug.
  • Any "critical" errors shall be assigned a CVE number and disclosed through the formal CVE system.

Current Team Members


  • No labels