| # Security Policies and Procedures |
| |
| ## Reporting a Bug |
| |
| The Express team and community take all security bugs seriously. Thank you |
| for improving the security of Express. We appreciate your efforts and |
| responsible disclosure and will make every effort to acknowledge your |
| contributions. |
| |
| Report security bugs by emailing the current owner(s) of `body-parser`. This |
| information can be found in the npm registry using the command |
| `npm owner ls body-parser`. |
| If unsure or unable to get the information from the above, open an issue |
| in the [project issue tracker](https://github.com/expressjs/body-parser/issues) |
| asking for the current contact information. |
| |
| To ensure the timely response to your report, please ensure that the entirety |
| of the report is contained within the email body and not solely behind a web |
| link or an attachment. |
| |
| At least one owner will acknowledge your email within 48 hours, and will send a |
| more detailed response within 48 hours indicating the next steps in handling |
| your report. After the initial reply to your report, the owners will |
| endeavor to keep you informed of the progress towards a fix and full |
| announcement, and may ask for additional information or guidance. |
