
Please include a security policy statement

Open stuartellis opened this issue 8 years ago • 0 comments

I'm submitting a feature request

  • Library Version: 1.0.0

Current behavior:

There is no statement in the documentation or on the Aurelia Website about the current security policy.

Expected/desired behavior:

I would expect there to be a statement that clearly explains how to notify the core team of security issues, and how the team will respond to security vulnerabilities.

For example, here is the Ember.js security policy:

http://emberjs.com/security/

  • What is the expected behavior?

See above.

  • What is the motivation / use case for changing the behavior?

It would provide a clear process for the team to follow in the event of security vulnerabilities in the framework (which will happen eventually), and increase the confidence of potential users, particularly those with security or compliance requirements.

Speaking personally, I really like what I see with Aurelia, but I can't recommend it to my company without clearly understanding what the process for security and bug fix updates will be.

stuartellis, Jul 31 '16 08:07