mirror of https://github.com/mattermost/focalboard.git synced 2024-12-21 13:38:56 +02:00

Update responsibile_disclosure_policy.md (#1383)

* Update responsibile_disclosure_policy.md

* Update and rename responsibile_disclosure_policy.md to responsible_disclosure_policy.md

Renamed page due to typo.

Co-authored-by: Justine Geffen <justinegeffen@users.noreply.github.com>
Elisha Hollander 2021-10-01 14:39:00 +03:00 committed by GitHub
parent 8a9bb92330
commit 9cb200a831
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1,16 +1,16 @@
# Responsible Disclosure Policy
Safety and data security is of utmost priority for the Focalboard community. If you are a security researcher and have discovered a security vulnerability in our code base, we appreciate your help in disclosing it to us in a responsible manner.
Safety and data security are of utmost priority for the Focalboard community. If you are a security researcher and have discovered a security vulnerability in our codebase, we appreciate your help in disclosing it to us in a responsible manner.
Please contact us at `chen [at] mattermost.com` to report any security vulnerabilities found in our open source code base.
Please contact us at `chen [at] mattermost.com` to report any security vulnerabilities found in our open source codebase.
Please refrain from requesting compensation for reporting vulnerabilities.
We will acknowledge receipt of your vulnerability report and send you regular updates about our progress.
If your report is reproducible as an exploit and results in a change to the code base or documentation of a Focalboard product, we will–-at your option–-publicly acknowledge your responsible disclosure.
If your report is reproducible as an exploit and results in a change to the codebase or documentation of a Focalboard product, we will–-at your option–-publicly acknowledge your responsible disclosure.
After a fix is made, we ask security researchers to wait 30 days after a release before announcing the specific details of a vulnerability, and to provide Focalboard with a link to any such announcements. In releases containing security fixes, Focalboard announces an update is available, acknowledges the contributions of security researches, and it withholds specific details until 30 days after availability to give time for the community to apply updates.
After a fix is made, we ask security researchers to wait 30 days after a release before announcing the specific details of a vulnerability, and to provide Focalboard with a link to any such announcements. In releases containing security fixes, Focalboard announces an update is available, acknowledges the contributions of security researchers, and it withholds specific details until 30 days after availability to give time for the community to apply updates.
You are not allowed to search for vulnerabilities on any instance of Focalboard hosted by the team, users, or customers with the exception of non-disruptive testing on the community test server mentioned above.
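Review bot: the final line limits testing to "the community test server mentioned above", but no test server is named anywhere in the visible policy text, so the one in-scope target is undefined for a researcher reading it. Since this change is already a wording pass, either name the server where the sentence refers to it or drop "mentioned above". The rewritten acknowledgment line also keeps the mixed "–-" punctuation around "at your option", which could be normalized in the same change.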