This is an automated email from the ASF dual-hosted git repository.
huxing pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/incubator-dubbo-website.git
The following commit(s) were added to refs/heads/asf-site by this push:
new c37bf42 Add documentation for how to report security issues.
c37bf42 is described below
commit c37bf4237ffcf452a1b642e854dbf0c4194dd214
Author: Huxing Zhang <[email protected]>
AuthorDate: Mon Apr 1 22:37:39 2019 +0800
Add documentation for how to report security issues.
---
.../reporting-security-issues_dev.md | 21 +++++++++++++++++++++
.../reporting-security-issues_dev.md | 21 +++++++++++++++++++++
site_config/develop.js | 8 ++++++++
3 files changed, 50 insertions(+)
diff --git
a/docs/en-us/developers/contributor-guide/reporting-security-issues_dev.md
b/docs/en-us/developers/contributor-guide/reporting-security-issues_dev.md
new file mode 100644
index 0000000..2b6180a
--- /dev/null
+++ b/docs/en-us/developers/contributor-guide/reporting-security-issues_dev.md
@@ -0,0 +1,21 @@
+# Reporting Security Issues
+
+The Apache Software Foundation takes a rigorous standpoint in annihilating the
security issues in its software projects. Apache Dubbo is highly sensitive and
forthcoming to issues pertaining to its features and functionality.
+
+## REPORTING VULNERABILITY
+
+If you have apprehensions regarding Dubbo's security or you discover
vulnerability or potential threat, don’t hesitate to get in touch with the
Apache Dubbo Security Team by dropping a mail at
[email protected]. In the mail, specify the description of
the issue or potential threat. You are also urged to recommend the way to
reproduce and replicate the issue. The Dubbo community will get back to you
after assessing and analysing the findings.
+
+PLEASE PAY ATTENTION to report the security issue on the security email before
disclosing it on public domain.
+
+
+## VULNERABILITY HANDLING
+
+An overview of the vulnerability handling process is:
+
+* The reporter reports the vulnerability privately to Apache.
+* The appropriate project's security team works privately with the reporter to
resolve the vulnerability.
+* A new release of the Apache product concerned is made that includes the fix.
+* The vulnerability is publically announced.
+
+A more detailed description of the process can be found
[here](https://www.apache.org/security/committers.html)
\ No newline at end of file
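Review bot: The "PLEASE PAY ATTENTION" paragraph under REPORTING VULNERABILITY is the one instruction a reporter must not misread, and as worded ("report the security issue on the security email before disclosing it on public domain") it does not say how long disclosure should wait. Suggest tying it to the handling list that follows, for example: "Please report security issues to the security mailing address first, and do not disclose them publicly until a release containing the fix has been announced." Smaller points in the same hunk: "publically" in the last bullet should be "publicly", the link text "here" would read better as the name of the target page, and the file ends without a trailing newline.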
diff --git
a/docs/zh-cn/developers/contributor-guide/reporting-security-issues_dev.md
b/docs/zh-cn/developers/contributor-guide/reporting-security-issues_dev.md
new file mode 100644
index 0000000..2b6180a
--- /dev/null
+++ b/docs/zh-cn/developers/contributor-guide/reporting-security-issues_dev.md
@@ -0,0 +1,21 @@
+# Reporting Security Issues
+
+The Apache Software Foundation takes a rigorous standpoint in annihilating the
security issues in its software projects. Apache Dubbo is highly sensitive and
forthcoming to issues pertaining to its features and functionality.
+
+## REPORTING VULNERABILITY
+
+If you have apprehensions regarding Dubbo's security or you discover
vulnerability or potential threat, don’t hesitate to get in touch with the
Apache Dubbo Security Team by dropping a mail at
[email protected]. In the mail, specify the description of
the issue or potential threat. You are also urged to recommend the way to
reproduce and replicate the issue. The Dubbo community will get back to you
after assessing and analysing the findings.
+
+PLEASE PAY ATTENTION to report the security issue on the security email before
disclosing it on public domain.
+
+
+## VULNERABILITY HANDLING
+
+An overview of the vulnerability handling process is:
+
+* The reporter reports the vulnerability privately to Apache.
+* The appropriate project's security team works privately with the reporter to
resolve the vulnerability.
+* A new release of the Apache product concerned is made that includes the fix.
+* The vulnerability is publically announced.
+
+A more detailed description of the process can be found
[here](https://www.apache.org/security/committers.html)
\ No newline at end of file
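Review bot: The file added under docs/zh-cn is the same blob as the en-us one (both show "index 0000000..2b6180a"), so the Chinese page is entirely English, heading included. Either translate the content in this commit or state in the commit message that the translation will follow, so that readers who arrive at the zh-cn page are not left with an untranslated reporting policy. The "publically" misspelling and the missing newline at end of file are carried over in this copy as well.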
diff --git a/site_config/develop.js b/site_config/develop.js
index 9fefe86..44d0c75 100644
--- a/site_config/develop.js
+++ b/site_config/develop.js
@@ -40,6 +40,10 @@ export default {
{
title: 'How to become a committer',
link:
'/en-us/docs/developers/contributor-guide/become-a-committer_dev.html',
+ },
+ {
+ title: 'How to report security issues',
+ link:
'/en-us/docs/developers/contributor-guide/reporting-security-issues_dev.html',
}
]
},
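Review bot: The new entry's closing "}" is left without a trailing comma, which is why this hunk had to rewrite the previous entry's "}" as "}," just to append an item. Ending the added object with "}," would keep the next addition to this list to a pure insertion and avoid touching unrelated lines. It is also worth confirming that the link path segment "reporting-security-issues_dev.html" matches the new Markdown file name exactly, since nothing in this file checks it.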
@@ -125,6 +129,10 @@ export default {
{
title: '如何成为committer',
link:
'/zh-cn/docs/developers/contributor-guide/become-a-committer_dev.html',
+ },
+ {
+ title: '如何汇报安全漏洞',
+ link:
'/zh-cn/docs/developers/contributor-guide/reporting-security-issues_dev.html',
}
]
},