Skip to end of metadata
Go to start of metadata
Policies and Procedures
- Two volunteer developers from each team.
- 12 month commitment.
- Help triage and respond to reports following the responsible disclosure policies and procedures.
- Keep the reporter informed of the status of their report by sending updates at a minimum of one per week.
- 48 hours to respond to reporter acknowledging the report.
- 1 week to triage, report, and coordinate with the affected project maintainers to plan the fix of the bug.
- 90 days to fix and release a fix or disclose the security bug.
- Any "critical" errors shall be assigned a CVE number and disclosed through the formal CVE system.
Current Team Members