0
代码
代码
Issues
Pull Requests
讨论
Wiki
分析
0
Qquguirengitcode仓文档统一整改
0cbff81d创建于 2024年12月25日历史提交

Security Issue Response Team Work Charter

The Security Issue Response Team (referred to as "Team" hereinafter) is set up to ensure timely response to and handling of security issues.

Responsibilities

  • Assist in fixing vulnerabilities.

    Help fix vulnerabilities, including providing means to detect and fix vulnerabilities, to protect users' systems against attacks.

  • Handle security issues.

    Respond to security issues reported, track the issue handling progress, and disclose security issues in the community regularly.

  • Participate in code review.

    Discover vulnerabilities in code through code review.

  • Update the vulnerability review records and the list of Acknowledgment.

Members

The Team consists of people from ArkUI-X A category donors who have extensive experience in related fields and are willing to work on security issues in the ArkUI-X community. Currently, the team members include:

The Team has a team leader, who is elected by team members for a two-year term and can be re-elected for more terms. The team members serve a two-year term and can be re-elected for more terms. New members are approved by existing members via an ordinary resolution. Dismissal of existing members is approved by a special resolution.

The team leader is responsible for the daily work of the Team. Members shall comply with this work charter and regulations of the ArkUI-X project and diligently fulfill their duties.

The Team has the right to recall members who violate the regulations.

Meetings

A quorum of more than half of the team members is required to attend the meeting. An ordinary resolution shall be approved by more than half of the attendees. A special resolution shall be approved by at least two thirds of all attendees.

A meeting can be held only when a majority of team members can attend the meeting. The team leader, deputy team leader, or more than three members can initiate a meeting based on work requirements.

A special resolution is required for the following issues:

  • Modifying this work charter
  • Recalling team members
  • Other important issues

Contacts

Contact the Team using the following contact information:

Email Description How to Use
scy@arkui-x.cn Email address for receiving security issues A developer can send ArkUI-X security issues to this email address.
scy-priv@arkui-x.cn A mailing list for discussing security issues Security group members can subscribe to this mailing list to discuss security issues.

Reporting Security Issues

You are welcome to report any potential security issue in the ArkUI-X community. If you find any potential security issue, please send an email to scy@arkui-x.cn immediately.

Handling Security Vulnerabilities

The Team will assign specialists to track and handle security vulnerabilities. For more information, see ArkUI-X Community Vulnerability Governance.

Disclosing Security Vulnerabilities

For details about the disclosed security vulnerabilities in the ArkUI-X community, see Security Bulletins.

Community Discussion and Support

Learn more about the ArkUI-X project and how to take part in security activities at ArkUI-X.

Acknowledgment

Learn about the individuals and teams that have contributed to the security of the ArkUI-X community at Acknowledgment.