1+ # Security Policy
2+
3+ ## Reporting a Vulnerability
4+
5+ Please report (suspected) security vulnerabilities to our ** [ bug bounty
6+ program] ( https://bugcrowd.com/aiven-mbb-og ) ** . You will receive a response from
7+ us within 2 working days. If the issue is confirmed, we will release a patch as
8+ soon as possible depending on impact and complexity.
9+
10+ ## Qualifying Vulnerabilities
11+
12+ Any reproducible vulnerability that has a severe effect on the security or
13+ privacy of our users is likely to be in scope for the program.
14+
15+ We generally ** aren't** interested in the following issues:
16+
17+ * Social engineering (e.g. phishing, vishing, smishing) attacks
18+ * Brute force, DoS, text injection
19+ * Missing best practices such as HTTP security headers (CSP, X-XSS, etc.),
20+ email (SPF/DKIM/DMARC records), SSL/TLS configuration.
21+ * Software version disclosure / Banner identification issues / Descriptive
22+ error messages or headers (e.g. stack traces, application or server errors).
23+ * Clickjacking on pages with no sensitive actions
24+ * Theoretical vulnerabilities where you can't demonstrate a significant
25+ security impact with a proof of concept.
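Review bot: The "Reporting a Vulnerability" section (lines 5-8) names the bug bounty program as the only channel but never tells reporters to keep findings out of public issues or pull requests; add one sentence saying so, since that is the first thing a reporter looks for in a SECURITY.md. In the exclusions list, "X-XSS" on line 19 is not a header name and should read "X-XSS-Protection", and "text injection" on line 18 is ambiguous enough that it could be read as excluding injection bugs in general, so name the specific class that is meant. The bullets also mix terminal punctuation (lines 20, 22 and 25 end with a period, lines 17, 18 and 23 do not); pick one style.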