forked from iotaledger/iri
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add basic Responsible Disclosure Policy (iotaledger#1475)
- Loading branch information
Showing
1 changed file
with
23 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
<h2>Responsible disclosure policy</h2> | ||
|
||
At the IOTA Foundation, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present. If you've discovered a vulnerability, please follow the guidelines below to report it to our security team: | ||
<ul> | ||
<li>E-mail your findings to [email protected]. If the report contains highly sensitive information, please consider encrypting your findings using our [email protected] (466385BD0B40D9550F93C04746A440CCE5664A64) PGP key.</li> | ||
</ul> | ||
Please follow these rules when testing/reporting vulnerabilities: | ||
<ul> | ||
<li>Do not take advantage of the vulnerability you have discovered, for example by downloading more data than is necessary to demonstrate the vulnerability.</li> | ||
<li>Do not read, modify or delete data that isn't you own.</li> | ||
<li>We ask that you do not to disclosure the problem to third parties until it has been resolved.</li> | ||
<li>The scope of the program is limited to technical vulnerabilities in IOTA Foundations's web applications and open source software packages distributed through GitHub, please do not try to test physical security or attempt phishing attacks against our employees, and so on.</li> | ||
<li>Out of concern for the availability of our services to all users, please do not attempt to carry out DoS attacks, leverage black hat SEO techniques, spam people, and do other similarly questionable things. We also discourage the use of any vulnerability testing tools that automatically generate significant volumes of traffic.</li> | ||
</ul> | ||
What we promise: | ||
<ul> | ||
<li>We will respond to your report within 3 business days with our evaluation of the report and an expected resolution date.</li> | ||
<li>If you have followed the instructions above, we will not take any legal action against you in regard to the report.</li> | ||
<li>We will keep you informed during all stages of resolving the problem.</li> | ||
<li>To show our appreciation for your effort and cooperation during the report, we will list your name and a link to a personal website/social network profile on the page below so that the public can know you've helped keep the IOTA Foundation secure.</li> | ||
</ul> | ||
We sincerely appreciate the efforts of security researchers in keeping our community safe. | ||
|