From ce9a10a8f592a47f4a6864b3f375cce8b4b43ccc Mon Sep 17 00:00:00 2001 From: Michael Mayer Date: Sun, 19 Jun 2022 18:19:51 +0200 Subject: [PATCH] Update SECURITY.md --- SECURITY.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 71c562bdf..eedb3ff22 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -12,7 +12,7 @@ We will then try to reproduce the problem, determine the impact and get back to Confirmed vulnerabilities will be fixed within 90 days, depending on the severity and whether third-party packages are affected. -**Responsible Disclosure:** +## Responsible Disclosure 1. Confirm that the vulnerability applies to a current version and is reproducible. 2. First share the vulnerability details with us so that users are not put at risk. 
@@ -20,3 +20,13 @@ packages are affected. 4. Respect the privacy of others. *Avoid activities that disrupt, degrade, or interrupt our services or compromise other users' data, such as spam, brute force attacks, denial of service attacks, and malicious file distribution.* + +## Reporting Issues as a Business or Organization + +(a) If an email we receive appears to be auto-generated and does not look like a legitimate report that has been manually reviewed in accordance with the requirements of this policy, we may ignore it and you should not expect a response in order to protect our ability to respond to actual issues. + +(b) Unless absolutely necessary, for example to report a major issue that has just been discovered, please send requests or reports during regular business hours and never at night or on weekends, especially if they are sent asynchronously. + +(c) Refrain from sending HTML emails as we consider them insecure and unsuitable for this purpose. + +(d) If you are contacting us as a business or other organization, we encourage you to include legal and contact information on your website, as failure to provide legally required information may compromise your eligibility and trustworthiness. \ No newline at end of file
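Review bot: The commit subject "Update SECURITY.md" does not tell a reader of the history what the first hunk (`@@ -12,7 +12,7 @@`) and the rest of the patch change. That hunk only turns the bold `**Responsible Disclosure:**` label into a `##` heading, while the second hunk adds new requirements for reporters. Please name both in the subject or body of the commit message so the policy change can be found later.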
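Review bot: In the second hunk (`@@ -20,3 +20,13 @@`), item (b) asks for reports "during regular business hours and never at night or on weekends" without naming a time zone, and the qualifier "especially if they are sent asynchronously" is unclear for email, so a reporter cannot tell what is expected. Please state the time zone and reword or drop the qualifier. In item (a), the clause "in order to protect our ability to respond to actual issues" reads as attached to "you should not expect a response". Moving it to the front of the sentence removes the ambiguity, and pointing to steps 1 and 2 of the Responsible Disclosure list would say what a manually reviewed report looks like. Item (c) should say what format is wanted instead of HTML (plain text, presumably) and what happens to HTML mail that does arrive. Item (d) mentions "eligibility" without saying eligibility for what. The heading limits the section to businesses and organizations, yet only (d) is worded that way, so either the heading or items (a) to (c) need adjusting. The file also now ends without a trailing newline ("\ No newline at end of file"); please add one.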