Add all 3 reporting options to SECURITY.md #49

Merged
merged 3 commits into from
Aug 22, 2024
12 changes: 10 additions & 2 deletions SECURITY.md
Expand Up @@ -17,9 +17,17 @@ This is a shared security policy for the CosmWasm stack, including the following

## Reporting a Vulnerability

Please report any security issues via email to security@confio.gmbh.
There are three ways to report a security issue

You will receive a response from us within 4 working days confirming that a human read your email. If you do not hear back within 1 week, feel free to send a reminder or try to notify core team members via different channels.
| | Cosmos HackerOne Bug Bounty program | security<span>@</span>interchain.io | security<span>@</span>confio.gmbh |
| ------------------- | ----------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Maintained by | Amulet | Amulet | Confio |
| Eligible for bounty | yes | no | no |
| Reporting link | <https://hackerone.com/cosmos> | [security@interchain.io](mailto:security@interchain.io) | [security@confio.gmbh](mailto:security@confio.gmbh) |
| Reporter management | professional communation | professional communation | best effort |
| Details | See program details at <https://hackerone.com/cosmos> | If you prefer to report an issue via email, you may send a bug report to security@interchain.io with the issue details, reproduction, impact, and other information. Please submit only one unique email thread per vulnerability. Any issues reported via email are ineligible for bounty rewards. | You will receive a response from us within 4 working days confirming that a human read your email. If you do not hear back within 1 week, feel free to send a reminder or try to notify core team members via different channels. |

Please only choose one. In all cases the analysis and fixing of the issue will be performed by Confio.

Within a few days we try to reproduce the issue and confirm it. After that we work on a patch and a release strategy. Experience shows the later part is harder than the actual patch as we need to evaluate which versions are affected, for which versions a patch is provided, if that patch is consensus or state breaking and how users can apply the patch. This part can take a few days up to multiple weeks.

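Review bot: "professional communation" in the Reporter management row is a typo for "professional communication" and appears twice in that row. In the same table the column headers obscure the addresses as security<span>@</span>interchain.io and security<span>@</span>confio.gmbh, but the Reporting link row directly below exposes both in plain text and as mailto: links, so the span markup adds noise without hiding anything; either drop it or obscure the links too. The introductory line "There are three ways to report a security issue" also lacks terminal punctuation; a colon would lead naturally into the table.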