Add Security Policy #1001
@ -12,12 +12,13 @@ The administrative team will acknowledge your message within 48 hours, and will
|
||||
|
||||
Please report any security bugs in third-party projects to the person or team maintaining that project.
|
||||
|
||||
The following are out of scope and should **not** be performed:
|
||||
The following are out of scope and should **not** be attacked/performed:
|
||||
|
||||
* Excessive Automated Scans
|
||||
* Denial of Service Attacks
|
||||
* Social Engineering Attacks
|
||||
* Reports against infrastructure outside our control
|
||||
* User or admin accounts not owned by the tester
|
||||
|
||||
## Disclosure Policy
|
||||
|
|
||||
|
||||
@ -27,6 +28,8 @@ When we receive a security report, that report will be assigned to an administra
|
||||
2. Audit infrastructure and/or code to find any potential similar problems.
|
||||
3. Prepare fixes for all releases currently in production, which will be implemented as quickly as possible.
|
||||
|
||||
Additionally, if user data was directly affected or compromised, we will inform affected users to the best of our ability via email and/or a website notification with more information about the incident.
|
||||
|
||||
## Comments on this Policy
|
||||
|
||||
Please open a Pull Request or Issue if you would like to discuss any changes to this policy.
|
||||
|
||||
Reference in New Issue
Block a user
This does not seem to include if users will be informed in case data is leaked.
My understanding is that social.privacytools.io and other services collect information like email.
What happens if this information gets stolen? How would users be informed?
Added info to
ad344be