Skip to content

Commit 42a5926

Browse files
committed
Merge 'docs/security' into 'master'
docs(security): add SECURITY.md and update READMEs with security information See merge request: !67
2 parents bae4407 + 3f40908 commit 42a5926

3 files changed

Lines changed: 14 additions & 1 deletion

File tree

README.EN.MD

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -352,3 +352,6 @@ The following code examples are provided:
352352
ve rds_mysql ModifyDBInstanceIPList --body '{"InstanceId":"xxxxxx", "GroupName": "xxxxxx", "IPList": ["10.20.30.40", "50.60.70.80"]}'
353353
```
354354
355+
## Security and privacy
356+
This project takes security seriously.
357+
For vulnerability reporting and supported versions, see [SECURITY.md](SECURITY.md)

README.MD

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -370,7 +370,10 @@ ve <service name> <action> [--parameter1 value1 --parameter2 value2 ...]
370370
ve rds_mysql ModifyDBInstanceIPList --body '{"InstanceId":"xxxxxx", "GroupName": "xxxxxx", "IPList": ["10.20.30.40", "50.60.70.80"]}'
371371
```
372372

373-
373+
374+
## Security and privacy
375+
This project takes security seriously.
376+
For vulnerability reporting and supported versions, see [SECURITY.md](SECURITY.md)
374377

375378

376379

SECURITY.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
## Security and privacy
2+
If you discover potential security issues in the project, or believe you may have found a security issue, please notify the ByteDance security team through our [security center](https://security.bytedance.com/src/) or [vulnerability reporting email](mailto:src@bytedance.com). Please do not create public GitHub Issues.
3+
We will assess the vulnerability based on the Common Vulnerability Scoring System (CVSS 3.1). The security team will keep you updated on key progress and may request further information or guidance from you. You are welcome to contact us via the email or website mentioned above to ask questions or discuss disclosure matters.
4+
To protect the security of our customers, ByteDance requests that you do not publish or share information regarding the vulnerability in any public forum, nor publish or share data involving users, until the vulnerability has been remediated and our users have been notified. Please understand that the time required for remediation depends on the severity of the vulnerability and the scope of the impact.
5+
Individuals, companies, and security teams may wish to publish security advisories on their own websites or other forums. Please contact us via the email or website mentioned above prior to publication to discuss the information that can be disclosed and to coordinate the disclosure timeline.
6+
## Bug Bounty Reward
7+
[For the policy of bug bounty reward](https://bytedance.larkoffice.com/docx/ZstQd7bbooDctqxBCAmcFasOngd), if you have any questions about the rules, please contact [https://src.bytedance.com/home](https://src.bytedance.com/home) for consultation.

0 commit comments

Comments
 (0)