Responsible disclosure policy #78
Comments
@JamieSlome Feel free to just share the issue here.
@inoda - sure, both issues can be found here: https://huntr.dev/bounties/31284e3a-ed7b-4896-817d-8d340f4d3862/ Both are currently private and only accessible by you 👍
@JamieSlome Can you just share the issue here publicly? I understand this is a mechanism to get adoption for your site but I'm not interested in making an account
Seems like this got moved to #82
@inoda - I have made both reports public at the same URLs. We do not make reports private for adoption, but purely because many maintainers don't want reports public by default. We allow maintainers to access reports using magic URLs, where sign-up is not required at all. This is why we first request an e-mail, so we can send a magic URL to view the reports 👍
Hello 👋
I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@J-GainSec) has found a potential issue, which I would be eager to share with you.
Could you add a SECURITY.md file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.
Looking forward to hearing from you 👍
(cc @huntr-helper)