Skip to content

Commit

Permalink
docs: remove Node.js Ecosystem HackerOne program (#789)
Browse files Browse the repository at this point in the history
Remove documentation related to the Node.js Ecosystem HackerOne program.

closes: #788
see: nodejs/node#42144

Signed-off-by: Rifa Achrinza <25147899+achrinza@users.noreply.github.com>
  • Loading branch information
achrinza authored Mar 23, 2022
1 parent 7b53122 commit 1393717
Show file tree
Hide file tree
Showing 8 changed files with 0 additions and 378 deletions.
28 changes: 0 additions & 28 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,17 +10,13 @@
Table of Contents

- Vulnerability Management
* [Responsible Disclosure Policy](./processes/responsible_disclosure_template.md)
* [Third-Party Ecosystem Triage Process](./processes/third_party_vuln_process.md)
* [Third-Party HackerOne Submission form](./processes/third_party_vuln_submit_form_hacker1.md)
* [Vulnerability Database](./processes/vuln_db.md)
* [Recognition for Security Researchers](./processes/recognition.md)
- Processes for Security WG Members
* [Security Team Membership Policy](./processes/security_team_membership_policy.md)
* [On-boarding Team Members](./processes/wg_onboarding.md)
* [Off-boarding Team Members](./processes/wg_offboarding.md)
- [Node.js Bug Bounty Program](#nodejs-bug-bounty-program)
- [Participate in Responsible Security Disclosure](#participate-in-responsible-security-disclosure)
- [Charter](#charter)
- [Code of Conduct](#code-of-conduct)
- [Moderation Policy](#moderation-policy)
Expand All @@ -38,9 +34,6 @@ Responsibilities include:
* Ensure the vulnerability data is updated in an efficient and timely manner. For example, ensuring there
are well-documented processes for reporting vulnerabilities in community
modules.
* Define and maintain policies and procedures for the coordination of security
concerns within the external Node.js open source ecosystem.
* Offer help to npm package maintainers to fix high-impact security bugs.
* Maintain and make available data on disclosed security vulnerabilities in:
* the core Node.js project
* other projects maintained by the Node.js Foundation technical group
Expand All @@ -55,20 +48,8 @@ the [Node.js TSC][].

## Node.js Bug Bounty Program

The Node.js project engages in an official bug bounty program for security researchers and responsible public disclosures. We have established a first draft of accepted criteria and npm modules and projects that are eligible for monetary reward at [Bug Bounty Criteria](./processes/bug_bounty_criteria.md).

The program is managed through the HackerOne platform at [https://hackerone.com/nodejs](https://hackerone.com/nodejs) with further details.

## Participate in Responsible Security Disclosure

As a module author you can provide your users with security guidelines regarding any exposures and vulnerabilities in your project, based on a responsible disclosure policy [document](https://github.com/nodejs/security-wg/blob/e2c03e62d73635a766156c6ea4f9aefb35c04603/processes/responsible_disclosure_template.md) we've already put in place.

You can show your users you take security matters seriously and drive higher confidence by following any of the below suggested actions:

1. Adding a `SECURITY.md` file in your repository that you can copy&paste from [us](https://github.com/nodejs/security-wg/blob/e2c03e62d73635a766156c6ea4f9aefb35c04603/processes/responsible_disclosure_template.md). Just like having a contribution of code of conduct guidelines, a security guideline will help user or bug hunters with the process of reporting a vulnerability or security concern they would like to share.

2. Adding our Responsible Security Dislosure badge to your project's README which links to the `SECURITY.md` document.

## Current Project Team Members

* [ChALkeR](https://github.com/ChALkeR) - **Сковорода Никита Андреевич**
Expand Down Expand Up @@ -110,14 +91,6 @@ You can show your users you take security matters seriously and drive higher con
* [shigeki](https://github.com/shigeki) - **Shigeki Ohtsu**
* [sam-github](https://github.com/sam-github) - **Sam Roberts**

## Ecosystem Vulnerability Triage Team

Note that membership in the Ecosystem Security WG does not automatically give access to
undisclosed vulnerabilities on HackerOne

* [*Ecosystem Vulnerabilities*](https://hackerone.com/nodejs-ecosystem):
Managed by the [Ecosystem Triage Team][].

# Code of Conduct

The [Node.js Code of Conduct](https://github.com/nodejs/admin/blob/master/CODE_OF_CONDUCT.md) applies to this WG.
Expand All @@ -127,4 +100,3 @@ The [Node.js Code of Conduct](https://github.com/nodejs/admin/blob/master/CODE_O
The [Node.js Moderation Policy](https://github.com/nodejs/admin/blob/master/Moderation-Policy.md) applies to this WG.

[Node.js TSC]: https://github.com/nodejs/TSC
[Ecosystem Triage Team]: processes/third_party_vuln_process.md#members
59 changes: 0 additions & 59 deletions processes/bug_bounty_criteria.md

This file was deleted.

21 changes: 0 additions & 21 deletions processes/responsible_disclosure_template.md

This file was deleted.

51 changes: 0 additions & 51 deletions processes/third_party_triage_guidelines.md

This file was deleted.

156 changes: 0 additions & 156 deletions processes/third_party_vuln_process.md

This file was deleted.

Loading

0 comments on commit 1393717

Please sign in to comment.