Skip to content

Commit

Permalink
Merge pull request #2277 from rsksmart/update_bbp
Browse files Browse the repository at this point in the history
Change Bug Bounty Program references
  • Loading branch information
aeidelman authored Apr 3, 2024
2 parents d1c155a + 08c4309 commit 7f6a8e9
Showing 1 changed file with 7 additions and 7 deletions.
14 changes: 7 additions & 7 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -1,31 +1,31 @@
# RSK's Security Process
# rskj Security Process

We are committed to conduct our security process in a professional and civil manner. Public shaming, under-reporting or misrepresentation of vulnerabilities will not be tolerated.

## Responsible Disclosure

For all security related issues, RSK has two main points of contact. Reach us at <security@iovlabs.org> or refer to our [Bug Bounty Program](https://www.iovlabs.org/bug-bounty-program). **Do not open up a GitHub issue if the bug is a security vulnerability**
For all security related issues, rskj has two main points of contact. Reach us at <security@rootstocklabs.com> or refer to our [Bug Bounty Program](https://www.rootstocklabs.com/bug-bounty-program). **Do not open up a GitHub issue if the bug is a security vulnerability**

**Ensure the bug was not already reported** by searching on GitHub under [Issues](https://github.com/rsksmart/rskj/issues).

## Vulnerability Handling

### Response Time

RSK will make a best effort to meet the following response times for reported vulnerabilities:
RootstockLabs will make a best effort to meet the following response times for reported vulnerabilities:

* Time to first response (from report submit) - 24 hours
* Time to triage (from report submit) - 2 business days
* Time to first response (from report submit) - 5 business days
* Time to triage (from report submit) - 7 business days
* Time to bounty (from triage) - 15 business days

We’ll try to keep you informed about our progress throughout the process.

### Disclouse Policy

* Follow HackerOne's [disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).
* Public disclosure of a vulnerability makes it ineligible for a bounty. If the user reports the vulnerability to other security teams (e.g. Ethereum or ETC) but reports to RSK with considerable delay, then RSK may reduce or cancel the bounty.
* Public disclosure of a vulnerability makes it ineligible for a bounty. If the user reports the vulnerability to other security teams (e.g. Ethereum or ETC) but reports to RootstockLabs with considerable delay, then RootstockLabs may reduce or cancel the bounty.

For more information check RSK bounty program policy at [HackerOne](https://hackerone.com/iovlabs)
For more information check RootstockLabs bounty program policy at [HackerOne](https://hackerone.com/rootstocklabs)

## Public Keys

Expand Down

0 comments on commit 7f6a8e9

Please sign in to comment.