Merge pull request #49 from CosmWasm/reporting-options
Add all 3 reporting options to SECURITY.md
webmaster128 authored Aug 22, 2024
2 parents b25e64f + 38c7bd1 commit 3de2281
Showing 1 changed file with 10 additions and 2 deletions.
12 changes: 10 additions & 2 deletions SECURITY.md
Expand Up @@ -17,9 +17,17 @@ This is a shared security policy for the CosmWasm stack, including the following

## Reporting a Vulnerability

Please report any security issues via email to security@confio.gmbh.
There are three ways to report a security issue

You will receive a response from us within 4 working days confirming that a human read your email. If you do not hear back within 1 week, feel free to send a reminder or try to notify core team members via different channels.
| | Cosmos HackerOne Bug Bounty program | security<span>@</span>interchain.io | security<span>@</span>confio.gmbh |
| ------------------- | ----------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Maintained by | Amulet | Amulet | Confio |
| Eligible for bounty | yes | no | no |
| Reporting link | <https://hackerone.com/cosmos> | [security@interchain.io](mailto:security@interchain.io) | [security@confio.gmbh](mailto:security@confio.gmbh) |
| Reporter management | professional communation | professional communation | best effort |
| Details | See program details at <https://hackerone.com/cosmos> | If you prefer to report an issue via email, you may send a bug report to security@interchain.io with the issue details, reproduction, impact, and other information. Please submit only one unique email thread per vulnerability. Any issues reported via email are ineligible for bounty rewards. | You will receive a response from us within 4 working days confirming that a human read your email. If you do not hear back within 1 week, feel free to send a reminder or try to notify core team members via different channels. |

Please only choose one. In all cases the analysis and fixing of the issue will be performed by Confio.

Within a few days we try to reproduce the issue and confirm it. After that we work on a patch and a release strategy. Experience shows the later part is harder than the actual patch as we need to evaluate which versions are affected, for which versions a patch is provided, if that patch is consensus or state breaking and how users can apply the patch. This part can take a few days up to multiple weeks.
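
Review bot: In the "Reporter management" row of the added table, "professional communation" appears in both the HackerOne and security@interchain.io columns and should read "professional communication". The table header wraps the "@" of both addresses in `<span>` tags, presumably to hinder address harvesting, yet the "Reporting link" row and the "Details" cell give the same addresses in plain text and as `mailto:` links, so the obfuscation gains nothing; use one form throughout. The introductory line "There are three ways to report a security issue" has no closing punctuation and would read better ending in a colon. "Please only choose one" would be easier for a reporter to act on if it also said which channel to prefer when bounty eligibility is not a concern.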
