Commit
* Add SECURITY.md
* Add SECURITY.md
* Towncrier
* Change mail address
* Rename file
Showing 2 changed files with 42 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
# Security | ||
|
||
**Contact:** [email protected] | ||
|
||
Keeping mirrord secure is a top concern for us. Nevertheless, despite our best efforts to fortify it, vulnerabilities may still be present. | ||
|
||
If you come across a vulnerability, please inform us promptly so we can resolve it as soon as possible. We kindly request your assistance in enhancing the security of both our clients and our systems. | ||
|
||
## Reporting a Vulnerability | ||
|
||
**In Scope Vulnerabilities:** | ||
|
||
- Any security issues that might put at risk the confidentiality, integrity, or accessibility of our systems or data. | ||
|
||
**Reporting Instructions:** | ||
|
||
1. Email your findings to **[email protected]**. | ||
|
||
2. Please do not exploit the vulnerability or issue you've found. | ||
|
||
3. Please keep the issue confidential until we've fixed it. | ||
|
||
4. Do not use attacks on physical security, social engineering, distributed denial of service, spam, or third-party applications. | ||
|
||
5. Please share enough details for us to understand and fix the issue as fast as we can. | ||
|
||
## What *We* Promise | ||
|
||
1. We'll get back to you within 3 business days with our assessment of the report and an estimated date of when we expect to resolve it. | ||
|
||
2. We will not take any legal action against you related to the report, if you have adhered to the reporting instructions above. | ||
|
||
3. We'll treat your report with utmost confidentiality and won't share your personal information with third parties without your consent. | ||
|
||
4. We'll be keeping you updated of the progress toward fixing the issue. | ||
|
||
5. We'll credit you as the discoverer of the issue (unless you request otherwise) in public disclosures of the reported issue. | ||
|
||
6. We aim to resolve all issues promptly and are eager to actively contribute to the ultimate publication on the problem, once the problem has been resolved. | ||
|
||
We truly value your contributions in strengthening our security. |
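Review bot: In the "In Scope Vulnerabilities" bullet, "accessibility" looks like a slip for "availability"; next to confidentiality and integrity the usual third property is availability, and "accessibility" means something else. Email is the only reporting channel given and no encryption key is listed, so reports carrying sensitive details would travel as plain mail; consider adding a PGP key or a private reporting link. Reporting instruction 4 ends its list of attack types with "third-party applications", which is ambiguous; state whether issues in third-party applications are out of scope. The contact address appears twice (under Contact and in step 1), so a future address change has to update both places.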
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Add SECURITY.md |