docs: Apply feedback on security policy
This commit is contained in:
parent
0ba77674c7
commit
e8d823a653
1 changed files with 6 additions and 2 deletions
|
@ -12,16 +12,18 @@ We provide security updates for the following versions of Continuwuity:
|
|||
| Main branch | ✅ |
|
||||
| Older releases | ❌ |
|
||||
|
||||
We may backport fixes to the previous release at our discretion, but we don't guarantee this.
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
### Responsible Disclosure
|
||||
|
||||
We appreciate the efforts of security researchers and the community in identifying and reporting vulnerabilities. To ensure that potential vulnerabilities are addressed properly, please follow these guidelines:
|
||||
|
||||
1. **Email the security team** directly at [security@continuwuity.org](mailto:security@continuwuity.org)
|
||||
2. Contact members of the team over E2EE private message.
|
||||
1. Contact members of the team over E2EE private message.
|
||||
- [@jade:ellis.link](https://matrix.to/#/@jade:ellis.link)
|
||||
- [@nex:nexy7574.co.uk](https://matrix.to/#/@nex:nexy7574.co.uk) <!-- ? -->
|
||||
2. **Email the security team** directly at [security@continuwuity.org](mailto:security@continuwuity.org). This is not E2EE, so don't include sensitive details.
|
||||
3. **Do not disclose the vulnerability publicly** until it has been addressed
|
||||
4. **Provide detailed information** about the vulnerability, including:
|
||||
- A clear description of the issue
|
||||
|
@ -30,6 +32,8 @@ We appreciate the efforts of security researchers and the community in identifyi
|
|||
- Any possible mitigations
|
||||
- Version(s) affected, including specific commits if possible
|
||||
|
||||
If you have any doubts about a potential security vulnerability, contact us via private channels first! We'd prefer that you bother us, instead of having a vulnerability disclosed without a fix.
|
||||
|
||||
### What to Expect
|
||||
|
||||
When you report a security vulnerability:
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue