From 16f9b487d0e985db9eee70ef799f4d44ed3b92ee Mon Sep 17 00:00:00 2001 From: Matteo Collina Date: Tue, 22 Apr 2025 08:57:04 +0200 Subject: [PATCH 1/2] meta: allow penetration testing on live system with prior authorization Signed-off-by: Matteo Collina --- SECURITY.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index b932e83b29b899..074663a16bca48 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -72,7 +72,9 @@ When reporting security vulnerabilities, reporters must adhere to the following 3. **Responsible Testing**: When testing potential vulnerabilities: * Use isolated, controlled environments. - * Do not test on production systems. + * Do not test on production systems without prior authorization. Contact + the Node.js Technical Steering Committee (tsc@iojs.org) for permission or open + a HackerOne report. * Do not attempt to access or modify other users' data. * Immediately stop testing if unauthorized access is gained accidentally. From b58f91f7856c788aa00a9f8b9b5016cf621eb0ef Mon Sep 17 00:00:00 2001 From: Matteo Collina Date: Tue, 22 Apr 2025 09:05:44 +0200 Subject: [PATCH 2/2] fixup Signed-off-by: Matteo Collina --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 074663a16bca48..9650e812914f81 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -73,7 +73,7 @@ When reporting security vulnerabilities, reporters must adhere to the following 3. **Responsible Testing**: When testing potential vulnerabilities: * Use isolated, controlled environments. * Do not test on production systems without prior authorization. Contact - the Node.js Technical Steering Committee (tsc@iojs.org) for permission or open + the Node.js Technical Steering Committee () for permission or open a HackerOne report. * Do not attempt to access or modify other users' data. * Immediately stop testing if unauthorized access is gained accidentally.
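Review bot: in the first patch ("meta: allow penetration testing on live system with prior authorization"), the new bullet names who to ask but not what counts as authorization; state explicitly that permission must be obtained in writing before any test against a production system begins, and that the remaining bullets (no access to other users' data, stop immediately on accidental unauthorized access) still apply to an authorized test. Please also confirm that tsc@iojs.org is the address the TSC currently monitors: a reporter who writes to a stale alias while waiting for permission gets no answer and may read the silence as consent. Suggested wording: `* Do not test on production systems without prior written authorization. Request it from the Node.js Technical Steering Committee (tsc@iojs.org) or open a HackerOne report, and wait for an explicit reply before testing.`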
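Review bot: the second patch ("fixup") removes the e-mail address but leaves empty parentheses, so the published text reads `the Node.js Technical Steering Committee () for permission or open`, which looks like an editing error and gives the reporter no contact route other than HackerOne. Either drop the parentheses entirely (`the Node.js Technical Steering Committee for permission or open`) or put the intended contact address back. The commit message "fixup" also says nothing about why the address was removed; squash it into the first commit or give it a message that records the reason.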