Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Policies and Procedures

  • Two volunteer developers from each team.
  • 12 month commitment.
  • Help triage and respond to reports following the responsible disclosure policies and procedures.

Responsible Disclosure

  • 48 hours to respond to reporter acknowledging the report.
  • 1 week to triage, report, and coordinate with the affected project maintainers to plan the fix of the bug.
  • 90 days to fix and release a fix or disclose the security bug.
  • Any "critical" errors shall be assigned a CVE number and disclosed through the formal CVE system.

Current Team Members

(List)