We take the security of the Developer Experience Working Group's resources and tools seriously. If you discover a security vulnerability, please report it to us promptly.
Please report (suspected) security vulnerabilities to [email protected]. You will receive a response from us within 48 hours. If the issue is confirmed, we will work on releasing a fix as soon as possible.
When reporting a vulnerability, please provide:
- A clear and concise description of the vulnerability
- The affected component(s) or tool(s) within the developer-experience working group repository
- Steps that can be followed to exercise the vulnerability
- Potential impact of the vulnerability
- Any suggested mitigations or workarounds
If you have developed any code or utilities that demonstrate the vulnerability, please mention them in your email. However, DO NOT include them as attachments as this may cause your Email to be blocked by spam filters.
Thank you for your help in keeping the Developer Experience Working Group secure!