From bd57d1f51f44fd10d9e24ccbf220362f3b4fd419 Mon Sep 17 00:00:00 2001 From: Rafael Gonzaga Date: Thu, 30 Jun 2022 14:05:54 -0300 Subject: [PATCH] doc: include CVSS mention PR-URL: https://github.com/nodejs/node/pull/43602 Reviewed-By: Vladimir de Turckheim Reviewed-By: Beth Griggs Reviewed-By: Darshan Sen Reviewed-By: Matteo Collina Reviewed-By: Richard Lau --- doc/contributing/security-release-process.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/contributing/security-release-process.md b/doc/contributing/security-release-process.md index 4f19b0ce48d..605821bad13 100644 --- a/doc/contributing/security-release-process.md +++ b/doc/contributing/security-release-process.md @@ -42,6 +42,8 @@ The current security stewards are documented in the main Node.js * [ ] PR release announcements in [private](https://github.com/nodejs-private/nodejs.org-private): * (Use previous PRs as templates. Don't forget to update the site banner and the date in the slug so that it will move to the top of the blog list.) + * (Consider using a [Vulnerability Score System](https://www.first.org/cvss/calculator/3.1) + to identify severity of each report) * [ ] pre-release: _**LINK TO PR**_ * [ ] post-release: _**LINK TO PR**_ * List vulnerabilities in order of descending severity