17 lines
1.0 KiB
Markdown
17 lines
1.0 KiB
Markdown
# Security Policy
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
If you want to contact us directly regarding a security concern, please write an e-mail to contact@engelsystem.de and explain your findings.
|
|
Thank you!
|
|
|
|
## Use of external reporting / bug bounty services
|
|
|
|
We kindly ask you to not use any external reporting / bug bounty service. We do not collaborate with any external service and experiences in the past showed that these services usually add a lot of unnecessary overhead.
|
|
|
|
Please send security critical bug reports to contact@engelsystem.de.
|
|
|
|
If you feel like we are not reacting fast enough (generally no more than 14 days should go by until an initial response; This is a volunteer project mostly used internally after all), please feel free to go for full disclosure via our github issue tracker, and tag the issue there by creating a title prefixed with [SECURITY].
|
|
|
|
If you find a critical vulnerability that warrants a CVE, we will also take care of issuing a CVE without any bug bounty platform having to be involved.
|