nebula
Create `SECURITY.md`
It would be great to have a SECURITY.md, like a README.md, so it's possible to responsibly disclose bugs in the nebula source code.
I would make a PR, but I'm unsure what more one would entail past recommending emailing [email protected] or [email protected] or something + mentioning the bug bounty program at https://hackerone.com/slack?type=team
![image](https://user-images.githubusercontent.com/10626596/176277019-8dee5bf9-9b94-45d3-ab81-11ad3572c636.png)
GitHub sets up a nice template if you go to https://github.com/slackhq/nebula/security/policy to create a new policy
![image](https://user-images.githubusercontent.com/10626596/176277253-0022f3a1-cea1-4f81-a3a0-e8b04662c0ed.png)
We have #481 and #263 we can review as well
It seems like #481 is the more descriptive of the two, though it's not up-to-date with the new Salesforce bug severity scale.
Is it worth merging one of those and then updating it? Or should it be added in a whole other PR?