missing Security policy text in bittensor repo

Open mjurbanski-reef opened this issue 1 year ago • 1 comments

Is your feature request related to a problem? Please describe.

When I head to https://github.com/opentensor/bittensor/security, I see no Security policy was set, i.e. I do not know how the project maintainers would like security bugs to be reported.

Describe the solution you'd like

It is pretty self-explanatory: create a SECURITY.md with a policy.

Examples of policies could be:

  • one clearly saying all bugs can be reported to the issue tracker with some clear text in the title for example
  • one asking users for "responsible disclosure", adding an email to which such a security vulnerability report can be sent. Such policies should also include a deadline, for example, 30 days, which is basically how long the bittensor team asks the original reporter to postpone public disclosure.
  • one including a bug bounty program - this actually incentivizes well-meaning users to use whatever procedure the bittensor team prefers

Describe alternatives you've considered

No response

Additional context

No response

mjurbanski-reef, Apr 28 '24 19:04