crumpet icon indicating copy to clipboard operation
crumpet copied to clipboard
verified publisher icon CrumpetDev

Create security policy

Open tomtitherington opened this issue 2 years ago • 1 comments

Something like...?

Summary

Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server.

Details

Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer.

PoC

Complete instructions, including specific configuration details, to reproduce the vulnerability.

Impact

What kind of vulnerability is it? Who is impacted?

tomtitherington avatar Jan 02 '24 21:01 tomtitherington

Security Policy

Reporting a Vulnerability

Reporting any potential vulnerabilities is strongly encouraged.

If you suspect a vulnerability, please take the following steps:

  • Contact the team at security at X.
  • Include a comprehensive description of the potential vulnerability and steps to reproduce the issue, if possible. The more information you can provide, the quicker X can address the problem.

You can expect a response to your initial report within one business day. While the core team works on addressing the issue, please maintain confidentiality about the vulnerability to ensure the security of all users. Please refrain from exploiting the vulnerability or revealing the problem to others.

While X doesn't have a formal bug bounty program right now due to the project's nascent stage, rest assured that:

  • You will get a response within one business day.
  • Your report and all accompanying data will receive the highest level of confidentiality.
  • Your contribution is greatly appreciated, and X would acknowledge your role in the vulnerability fix, if you opt for identification.
  • X will grant you permission to publicly discuss your findings once users have had a reasonable time to apply the patch after it becomes available.
  • X guarantees not to pursue any legal action as long as the vulnerability is not exploited.

Security Features

Efforts are continually made to enhance the security of the product. If you have any recommendations or feature requests that could enhance the product's security, please share them via the discussion forum.

⚠️ Note this does not apply to security vulnerabilities. If you're in doubt, then always follow the security vulnerability process

tomtitherington avatar Jan 02 '24 21:01 tomtitherington