Update SECURITY.md
- Don't condone attacks against live user accounts/data: https://github.com/privacytoolsIO/privacytools.io/pull/1001#issuecomment-504210270
- Add announcement process if user data is affected: https://github.com/privacytoolsIO/privacytools.io/pull/1001#discussion_r296408553
parent 38a5e4334b
commit ad344be456
|
@ -12,12 +12,13 @@ The administrative team will acknowledge your message within 48 hours, and will
|
|||
|
||||
Please report any security bugs in third-party projects to the person or team maintaining that project.
|
||||
|
||||
The following are out of scope and should **not** be performed:
|
||||
The following are out of scope and should **not** be attacked/performed:
|
||||
|
||||
* Excessive Automated Scans
|
||||
* Denial of Service Attacks
|
||||
* Social Engineering Attacks
|
||||
* Reports against infrastructure outside our control
|
||||
* User or admin accounts not owned by the tester
|
||||
|
||||
## Disclosure Policy
|
||||
|
||||
|
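Review bot: The new bullet "User or admin accounts not owned by the tester" covers accounts only, while the commit message says the goal is to not condone attacks against live user accounts/data. Consider naming data explicitly, for example "User or admin accounts, or any user data, not owned by the tester", so that reading or modifying other users' data through a bug that needs no account takeover is clearly out of scope as well. The reworded heading "should **not** be attacked/performed" also fits the list unevenly: "Reports against infrastructure outside our control" is neither attacked nor performed, so splitting the list into out-of-scope targets and prohibited activities, or picking a neutral heading such as "The following are out of scope:", would read more cleanly.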
@ -27,6 +28,8 @@ When we receive a security report, that report will be assigned to an administra
|
|||
2. Audit infrastructure and/or code to find any potential similar problems.
|
||||
3. Prepare fixes for all releases currently in production, which will be implemented as quickly as possible.
|
||||
|
||||
Additionally, if user data was directly affected or compromised, we will inform affected users to the best of our ability via email and/or a website notification with more information about the incident.
|
||||
|
||||
## Comments on this Policy
|
||||
|
||||
Please open a Pull Request or Issue if you would like to discuss any changes to this policy.
|
||||
|
|
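Review bot: The added notification sentence ("we will inform affected users to the best of our ability via email and/or a website notification") gives no timeframe, unlike the 48-hour acknowledgment commitment earlier in the file. Consider stating when users will be notified relative to confirming the incident or deploying the fix, and what the notice will contain at minimum (what data was affected and what users should do). "Directly affected or compromised" is also left undefined; a short clarification of whether exposure without confirmed access counts would make the commitment easier to hold to. As placed, the sentence follows numbered step 3 as a loose paragraph; making it step 4 of the process would tie it to the disclosure workflow.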