Skip to content

Security: wesleytodd/express-openapi

Security

SECURITY.md

Security Policies and Procedures

This document outlines security procedures and general policies for projects run by @wesleytodd.

Reporting a Bug

Report security bugs by emailing wes@wesleytodd.com.

To ensure the timely response to your report, please ensure that the entirety of the report is contained within the email body and not solely behind a web link or an attachment.

I will acknowledge your email within one week, and will send a more detailed response within one week indicating the next steps in handling your report.

Report security bugs in third-party modules to the person or team maintaining the module.

Pre-release Versions

Alpha and Beta releases are unstable and not suitable for production use. Vulnerabilities found in pre-releases should be reported according to the Reporting a Bug section. Due to the unstable nature of the branch it is not guaranteed that any fixes will be released in the next pre-release.

Threat Model

Each project may have it's own thread model. This reporting doc is shared among many projects, so please reference the project specific thread model when available.

Comments on this Policy

If you have suggestions on how this process could be improved please submit a pull request.

There aren’t any published security advisories