|
| 1 | +# Security Policy |
| 2 | + |
| 3 | +DFINITY takes the security of our software products seriously, which includes |
| 4 | +all source code repositories under the [DFINITY](https://github.com/dfinity) |
| 5 | +GitHub organization. |
| 6 | + |
| 7 | +> [!IMPORTANT] |
| 8 | +> [DFINITY Foundation](https://dfinity.org) has a |
| 9 | +> [Internet Computer (ICP) Bug Bounty program](https://dfinity.org/bug-bounty/) |
| 10 | +> that rewards researchers for finding and reporting vulnerabilities in the |
| 11 | +> Internet Computer. Please check the scope and eligibility criteria outlined in |
| 12 | +> the policy to see if the vulnerability you found qualifies for a reward. |
| 13 | +
|
| 14 | +## How to report a vulnerability |
| 15 | + |
| 16 | +We appreciate your help in keeping our projects secure. If you believe you have |
| 17 | +found a security vulnerability in any of our repositories, please report it |
| 18 | +responsibly to us as described below: |
| 19 | + |
| 20 | +1. **Do not disclose the vulnerability publicly.** Public disclosure could be |
| 21 | + exploited by attackers before it can be fixed. |
| 22 | +2. **Send an email to securitybugs@dfinity.org.** Please include the following |
| 23 | + information in your email: |
| 24 | + - A description of the vulnerability |
| 25 | + - Steps to reproduce the vulnerability |
| 26 | + - Risk rating of the vulnerability |
| 27 | + - Any other relevant information |
| 28 | + |
| 29 | +We will respond to your report within 72 hours and work with you to fix the |
| 30 | +vulnerability as soon as possible. |
| 31 | + |
| 32 | +### Security Updates |
| 33 | + |
| 34 | +We are committed to fixing security vulnerabilities in a timely manner. Once a |
| 35 | +security vulnerability is reported, we will: |
| 36 | + |
| 37 | +- Investigate the report and confirm the vulnerability. |
| 38 | +- Develop a fix for the vulnerability. |
| 39 | +- Release a new version of the project that includes the fix. |
| 40 | +- Announce the security fix in the project's release notes. |
| 41 | + |
| 42 | +## Preferred Language |
| 43 | + |
| 44 | +We prefer all communications to be in English. |
| 45 | + |
| 46 | +## Disclaimer |
| 47 | + |
| 48 | +This security policy is subject to change at any time. |
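Review bot: Step 2 of "How to report a vulnerability" sends reports, including reproduction steps, to securitybugs@dfinity.org over plain email with no encrypted option; consider publishing a PGP key for that address or offering GitHub private vulnerability reporting as an alternative channel. The "Risk rating of the vulnerability" item does not name a scale, so say which one is expected (for example CVSS) to keep ratings comparable across reports. Step 1 asks reporters not to disclose publicly, but nothing in the policy says when disclosure becomes acceptable; a sentence tying that to the release-notes announcement under "Security Updates" would close the gap. "Security Updates" is also a level-3 heading nested under the reporting section although it describes the fix process, so a level-2 heading would match "Preferred Language" and "Disclaimer".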