From b2cfc15c2a92fb695e208d4926a2fbc557c5182d Mon Sep 17 00:00:00 2001 From: florian Date: Thu, 5 Aug 2021 23:25:50 +0200 Subject: [PATCH] security - add security policy --- SECURITY.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..f598eeb --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,17 @@ +# Security policy + +Even though this project is focused on security, it is still prone to possible vulnerabilities. We consider every security bug as a serious issue and will try our best to address it. + +## Responsible disclosure + +If you have found a security bug, please send us an email at security \[@\] bunkerity.com with technical details so we can resolve it as soon as possible. + +Here is a non-exhaustive list of issues we consider as high risk : +- Vulnerability in the core +- Bypass of a security feature +- Vulnerability in a third-party dependency +- Risk in the supply chain + +## Bounty + +To encourage responsible disclosure, we may reward you with a bounty at the sole discretion of the maintainers.
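Review bot: The "Responsible disclosure" section asks reporters to email technical details to security \[@\] bunkerity.com, but it gives no way to encrypt the report and no expected acknowledgement or fix timeline. Consider publishing a PGP key (or naming another private channel) and a response window, and say explicitly that vulnerabilities should not be filed as public issues. The policy also does not say which versions receive security fixes, and "Vulnerability in a third-party dependency" and "Risk in the supply chain" would be easier to triage with a sentence on whether reporters should contact the upstream project as well. In the "Bounty" section, "we may reward you with a bounty at the sole discretion of the maintainers" leaves eligibility open; a short note on what is in scope would set expectations. Style: drop the space before the colon in "high risk :".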