privacyguides/privacytools.io
Archived
1
0
Fork 0
Code Issues 304 Pull Requests 47 Activity

Update SECURITY.md

Browse Source 
- Don't condone attacks against live user accounts/data: https://github.com/privacytoolsIO/privacytools.io/pull/1001#issuecomment-504210270
- Add announcement process if user data is affected: https://github.com/privacytoolsIO/privacytools.io/pull/1001#discussion_r296408553
This commit is contained in:
Jonah Aragon
2019-06-21 19:13:13 -05:00
parent 38a5e4334b
commit ad344be456
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
SECURITY.md
View File

@@ -12,12 +12,13 @@ The administrative team will acknowledge your message within 48 hours, and will
Please report any security bugs in third-party projects to the person or team maintaining that project.
The following are out of scope and should **not** be performed:
The following are out of scope and should **not** be attacked/performed:
* Excessive Automated Scans
* Denial of Service Attacks
* Social Engineering Attacks
* Reports against infrastructure outside our control
* User or admin accounts not owned by the tester
## Disclosure Policy
@@ -27,6 +28,8 @@ When we receive a security report, that report will be assigned to an administra
2. Audit infrastructure and/or code to find any potential similar problems.
3. Prepare fixes for all releases currently in production, which will be implemented as quickly as possible.
Additionally, if user data was directly affected or compromised, we will inform affected users to the best of our ability via email and/or a website notification with more information about the incident.
## Comments on this Policy
Please open a Pull Request or Issue if you would like to discuss any changes to this policy.