Update SECURITY.md
Included statement on the use of external reporting services / bug bounty services.
This commit is contained in:
parent
b3dd2b1d47
commit
9f113958ca
10
SECURITY.md
10
SECURITY.md
|
@ -4,3 +4,13 @@
|
||||||
|
|
||||||
If you want to contact us directly regarding a security concern, please write an e-mail to contact@engelsystem.de and explain your findings.
|
If you want to contact us directly regarding a security concern, please write an e-mail to contact@engelsystem.de and explain your findings.
|
||||||
Thank you!
|
Thank you!
|
||||||
|
|
||||||
|
## Use of external reporting / bug bounty services
|
||||||
|
|
||||||
|
We kindly ask you to not use any external reporting / bug bounty service. We do not collaborate with any external service and experiences in the past showed that these services usually add a lot of unnecessary overhead.
|
||||||
|
|
||||||
|
Please send security critical bug reports to contact@engelsystem.de.
|
||||||
|
|
||||||
|
If you feel like we are not reacting fast enough (generally no more than 14 days should go by until an initial response; This is a volunteer project mostly used internally after all), please feel free to go for full disclosure via our github issue tracker, and tag the issue there by creating a title prefixed with [SECURITY].
|
||||||
|
|
||||||
|
If you find a critical vulnerability that warrants a CVE, we will also take care of issuing a CVE without any bug bounty platform having to be involved.
|
||||||
|
|
Loading…
Reference in New Issue