
docs: add a security policy

Open UlisesGascon opened this issue 4 months ago • 1 comments

👋 Hi everyone! We’re @UlisesGascon and @RafaelGSS, working with the OpenJS Foundation as part of the Alpha-Omega initiative. Our focus is supporting OpenJS projects in strengthening their security posture. We can help with things like:

  • Reviewing or creating security documentation (e.g., SECURITY.md, incident response plans...)
  • Supporting vulnerability handling and escalation (reporting, triage, CVEs, disputes)
  • Reviewing repo configurations and GitHub security settings
  • Sharing best practices (e.g., OSSF Scorecard)
  • Answering general questions on licenses, compliance, or incident response

✨ We’re here as a resource for the Dojo team and happy to collaborate on whatever is most useful for you. Looking forward to working together!

References:

  • https://github.com/openjs-foundation/cross-project-council/pull/1588
  • https://openjsf.org/blog/openjs-foundation-cna
  • https://openjsf.org/blog/security-support-for-openjs-projects

Important

The policy suggests that reports should be submitted using the Report a Vulnerability feature. Since this option is currently unavailable, please follow the instructions

UlisesGascon, Sep 15 '25 10:09