generated from ProcyOS/rust-template
23 lines
973 B
Markdown
23 lines
973 B
Markdown
|
# Reporting a Vulnerability
|
||
|
|
|
||
|
|
To report a security issue, please contact me via E-Mail (security@chir.rs) or Matrix (@lotte:chir.rs) with either a standard bug report, or by pointing at the vulnerable code.
|
||
|
|
|
||
|
|
A proof of concept is appreciated, but not required. Please be available for further questions.
|
||
|
|
|
||
|
|
This project follows a 90 day disclosure policy. You can publically disclose the issue after 90 days, or when we disclose it ourselves.
|
||
|
|
|
||
|
|
## Security Hall of Fame
|
||
|
|
|
||
|
|
1. and you?
|
||
|
|
|
||
|
|
## Threat Model
|
||
|
|
|
||
|
|
[Insert as appropriate]
|
||
|
|
|
||
|
|
## Scope
|
||
|
|
|
||
|
|
We do not consider tests to be in scope for security vulnerabilities. If you think a test is missing, feel free to [contribute](./CONTRIBUTING.md) it.
|
||
|
|
|
||
|
|
## Supported Versions
|
||
|
|
|
||
|
|
We support the latest released version, as well as the most recent development versions. If the vulnerability only affects an older version with still sees some use (for example the previous major version), we may consider supporting it on a “best effort” basis.
|