-
Notifications
You must be signed in to change notification settings - Fork 219
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: add SECURITY.md Vulnerability Disclosure Policy #5351
fix: add SECURITY.md Vulnerability Disclosure Policy #5351
Conversation
Add Tari Vulnerability Disclosure Policy
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. This is much needed. Made a few comments.
Co-authored-by: Cayle Sharrock <CjS77@users.noreply.github.com>
Co-authored-by: Cayle Sharrock <CjS77@users.noreply.github.com>
Additional clarification in regard to Yat bug bounty program
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed and updated with 60-day timeline
This fixes #4141 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, this was much needed
👍 |
## [0.50.0-pre.1](v0.50.0-pre.0...v0.50.0-pre.1) (2023-05-08) ### Features * add miner timeout config option ([5331](#5331)) ([aea14f6](aea14f6)) * chat ffi ([5349](#5349)) ([f7cece2](f7cece2)) * chat scaffold ([5244](#5244)) ([5b09f8e](5b09f8e)) * improve message encryption ([5288](#5288)) ([7a80716](7a80716)) * **p2p:** allow listener bind to differ from the tor forward address ([5357](#5357)) ([857fb55](857fb55)) ### Bug Fixes * add SECURITY.md Vulnerability Disclosure Policy ([5351](#5351)) ([72daaf5](72daaf5)) * added missing log4rs features ([5356](#5356)) ([b9031bb](b9031bb)) * allow public addresses from command line ([5303](#5303)) ([349ac89](349ac89)) * clippy issues with config ([5334](#5334)) ([026f0d5](026f0d5)) * default network selection ([5333](#5333)) ([cf4b2c8](cf4b2c8)) * make the first output optional in the wallet ([5352](#5352)) ([bf16140](bf16140)) * remove wallet panic ([5338](#5338)) ([536d16d](536d16d)) * wallet .h file for lib wallets ([5330](#5330)) ([22a3a17](22a3a17))
Add Tari Vulnerability Disclosure Policy
Description
Added SECURITY.md for publishing of Tari Vulnerability Disclosure Policy
Motivation and Context
A SECURITY.md file is best practice for informing security researchers about a Vulnerability Disclosure Policy and bug bounty rewards. See: https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository
How Has This Been Tested?
Tari Labs review and comparison with Monero Project Vulnerability Response Process
What process can a PR reviewer use to test or verify this change?
n/a
Breaking Changes