privacyguides/privacytools.io
Archived
1
0
Fork 0
Code Issues 304 Pull Requests 47 Activity

Add Security Policy

Browse Source 
As recommended in #988
This commit is contained in:
Jonah Aragon 2019-06-20 16:24:02 -05:00
parent b505455b64
commit 38a5e4334b
No known key found for this signature in database
GPG Key ID: B9D1C611859E0649
2 changed files with 33 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.well-known/security.txt
View File

@ -2,3 +2,4 @@ Contact: admin@privacytools.io
Encryption: https://www.jonaharagon.com/keys/
Preferred-Languages: en
Canonical: https://www.privacytools.io/.well-known/security.txt
Policy: https://github.com/privacytoolsIO/privacytools.io/security/policy

32
SECURITY.md Normal file
View File

@ -0,0 +1,32 @@
# Security Policies and Procedures
This document outlines security procedures and policies for the `privacytools.io` repository/code and all services hosted by privacytools.io, such as Mastodon, Matrix, Riot, et cetera.
## Reporting a Bug
We take all security bugs related to our code and our infrastructure very seriously. Thank you for improving the security of our projects and services. We appreciate your efforts and responsible disclosure, and will make every effort to acknowledge your contributions.
Report any security bugs by emailing the services administrator at [admin@privacytools.io](mailto:admin@privacytools.io).
The administrative team will acknowledge your message within 48 hours, and will provide a detailed response within 72 hours detailing the next steps for handling your report. After our initial reply we will make every effort to keep you informed of the progress towards a fix and announcement, and we may ask for additional information or guidance.
Please report any security bugs in third-party projects to the person or team maintaining that project.
The following are out of scope and should **not** be performed:
* Excessive Automated Scans
* Denial of Service Attacks
* Social Engineering Attacks
* Reports against infrastructure outside our control
## Disclosure Policy
When we receive a security report, that report will be assigned to an administrative team member. That person will coordinate the fix, release, and announcement process, involving the following steps:
1. Confirm the problem and determine affected services.
2. Audit infrastructure and/or code to find any potential similar problems.
3. Prepare fixes for all releases currently in production, which will be implemented as quickly as possible.
## Comments on this Policy
Please open a Pull Request or Issue if you would like to discuss any changes to this policy.