Skip to content

Security: w3c/securityig

Security

SECURITY.md

Reporting Security Issues

Status: Draft

Editor: Simone Onofri

W3C Team and community take security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

If you believe that you have spotted a security bug in a specification, we invite you to do the following:

  • If the specification is a standard ("W3C Recommendation"), the cover page of the specification will include a link to an errata page. The errata page will tell you whether this is a known bug and if so may list a proposed correction. If there is a new bug, please use the GitHub Security Advisory on the specific repository and tag @simoneonofri. If the feature is not enabled, please write to Systems Team.
  • For draft documents, the "Status Section" of the document includes information about where to send feedback on the specification, please write to the Security Interest Group Team Contact on how to file the issue in the group repository. In general, the more information you can provide to help understand the security issue, the better.

It is important to note that reports of this type are about the standards themselves, not their implementations. It is possible, for example, to propose updates to Security Consideration Sections.

To report a security issue in W3C website, please refer to the W3C security.txt file

There aren’t any published security advisories