rubyinstaller2 icon indicating copy to clipboard operation
rubyinstaller2 copied to clipboard

Published 20 hours ago verified publisher icon oneclick

Who to contact for security issues

Open JamieSlome opened this issue 3 years ago • 2 comments
trafficstars

Hey there!

I belong to an open source security research community, and a member (@ycdxsb) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

JamieSlome avatar Apr 19 '22 16:04 JamieSlome

I'll add a SECURITY.md file and keep this issue open until then. For the time being please contact me by email [email protected] and if you want encryption, use this PGP key: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xb5ff9149f95a59bfbcfdaf0543b526b8aae32ba7

larskanis avatar Apr 19 '22 19:04 larskanis

@larskanis - thanks 👍

I will get an e-mail sent over to you now. Just for reference, the report can be found directly here: https://huntr.dev/bounties/5a21711d-6dcf-4bb3-8ce0-002c07dd1da7/

It is private and only accessible to maintainers with repository write permissions.

JamieSlome avatar Apr 20 '22 10:04 JamieSlome