Skip to content

Security: iris-connect/iris-gateway

Security

SECURITY.md

Security Policy

This document describes the security policy and reporting procedures for the iris-gateway project.

If you want to report a bug which is not security sensible, please submit an issue.

Reporting a Security Issue

Our team takes all security issues in IRIS seriously.
If you want to report a security issue we appreciate your effort and kindly ask you to submit a responsible disclosure.
Unfortunately, IRIS does not offer a bug bounty programme or other forms of monetary compensation yet. However, we plan to join a bug bounty platform like HackerOne in the long-term. Also, we can acknowledge your effort publicly in the GitHub project.
Thank you for improving the security of the IRIS project!

Report security issues via email at security@iris-connect.de.

The IRIS team acknowledges your email within 24 hours and will further respond in detail within 48 hours, explaining the induced actions.
Our security team will keep you up to date of the progress towards fixing the vulnerability and may ask you for additional information.

Please report security issues in third-party dependencies to the person or team maintaining the project for this dependency.

Responsible Disclosure Policy

When we receive a security bug report, we will assign it to a person who handles your disclosure.
This person is responsible for the following steps of the fix process:

  • Confirm the problem and identify affected versions
  • Audit code for finding similar problems
  • Develop fixes for all affected versions
  • Release fixes as quick as possible

Suggestions for this Policy

Feedback on this policy and the process is welcome and if you want to suggest how to improve it, we kindly ask you to submit a pull request.

There aren’t any published security advisories