Update SECURITY.md
parent
2d6d47121e
commit
ce9a10a8f5
1 changed files with 11 additions and 1 deletions
12
SECURITY.md
|
@ -12,7 +12,7 @@ We will then try to reproduce the problem, determine the impact and get back to
|
|||
Confirmed vulnerabilities will be fixed within 90 days, depending on the severity and whether third-party
|
||||
packages are affected.
|
||||
|
||||
**Responsible Disclosure:**
|
||||
## Responsible Disclosure
|
||||
|
||||
1. Confirm that the vulnerability applies to a current version and is reproducible.
|
||||
2. First share the vulnerability details with us so that users are not put at risk.
|
||||
|
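Review bot: Promoting `**Responsible Disclosure:**` to `## Responsible Disclosure` changes the rendered outline and creates a new heading anchor, so check that the other sections of SECURITY.md use the same `##` level. The 90-day paragraph directly above this heading should still sit under a heading of its own. If anything links to this section, confirm the link target after the change.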
@ -20,3 +20,13 @@ packages are affected.
|
|||
4. Respect the privacy of others.
|
||||
|
||||
*Avoid activities that disrupt, degrade, or interrupt our services or compromise other users' data, such as spam, brute force attacks, denial of service attacks, and malicious file distribution.*
|
||||
|
||||
## Reporting Issues as a Business or Organization
|
||||
|
||||
(a) If an email we receive appears to be auto-generated and does not look like a legitimate report that has been manually reviewed in accordance with the requirements of this policy, we may ignore it and you should not expect a response in order to protect our ability to respond to actual issues.
|
||||
|
||||
(b) Unless absolutely necessary, for example to report a major issue that has just been discovered, please send requests or reports during regular business hours and never at night or on weekends, especially if they are sent asynchronously.
|
||||
|
||||
(c) Refrain from sending HTML emails as we consider them insecure and unsuitable for this purpose.
|
||||
|
||||
(d) If you are contacting us as a business or other organization, we encourage you to include legal and contact information on your website, as failure to provide legally required information may compromise your eligibility and trustworthiness.
|
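Review bot: Items (a) to (c) under `## Reporting Issues as a Business or Organization` read as rules for every reporter (auto-generated mail, sending times, HTML mail), while only (d) is specific to organizations. Either move (a) to (c) under the general disclosure section or rename the heading so individual researchers know whether these rules apply to them. In (b), "regular business hours" has no time zone, "a major issue" is not tied to any severity definition, and "especially if they are sent asynchronously" is unclear; a reporter could hold back a time-sensitive report because of this wording, so state the time zone and say explicitly that urgent reports are welcome at any time. In (c), say which format is accepted (for example plain text) rather than only what is refused. Style: the section above uses a `1.` numbered list, but `(a)` to `(d)` will not render as a Markdown list; use the same numbered style. In (a), "in order to protect our ability to respond to actual issues" is attached to "you should not expect a response"; move it next to "we may ignore it" so the reason reads correctly.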