Found Security program #537
Comments
You will want to have an internal discussion about methods for incentivizing security researchers to take part in your bug bounty program. I would also suggest creating a responsible disclosure program in conjunction with your bug bounty program to create a pathway for reporting vulnerabilities securely. You can look to Parity to see what they have done in this space. https://www.parity.io/bug-bounty/ I also highly recommend implementing a security.txt record on your KodaDot properties: https://securitytxt.org/ Regarding item #2, I would definitely recommend integrating regular source code reviews, security audits, and penetration tests into your CI/CD pipeline as features and functions are added or removed from the Kodadot codebase. How often you do those is up to you of course.
https://www.parity.io/bug-bounty/ We will crack on that in upcoming Meta_hours_4 #2007
#2089 yes we will nail it down soon
#1858 will be there. We will be posted on https://www.huntr.dev/ to drive more security researchers.
huntr.dev is over capacity, according to the response I received. Any other good hints?
This issue has been automatically marked as stale because it has not had activity in the last 720 days. It will be closed in 120 days if no further activity occurs. Please @kodadot/internal
Security program
Reasoning:
As we've left out some unused 📦 in our code and some security experts' thoughts are that these are high-risk issues, where Textile wasn't used for anything critical anymore, since we implemented Subquery - #535, #533 - Twitter
Meanwhile, we've got an A grade on headers