Create SECURITY.md #6681
Comments
It may take a bit before we can (if we decide to) create a proper security policy, but it's generally accepted by us that since OBS runs locally and has no inbound remote connectivity or ways to access it externally, that any attack vectors that use OBS are typically either just normal social engineering attacks, or the level of access required to get in to OBS is already far more of an issue than whatever OBS might be used for. This may change in v28 when we ship with websocket functionality by default, but we'll evaluate that at that time. That said, we do have a mailbox you can send concerns to: security@obsproject.com
@Fenrirthviti - thanks for your diligence and response. I sent the report that we received to the suggested e-mail address a couple of minutes ago. For reference, the report can be found directly here as well:
Is there a way to opt-out a project from your site? I can't find anything about that in the FAQ.
@derrod - yes, if you would like me to opt-out
Hello 👋
I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@nerrorsec) has found a potential issue, which I would be eager to share with you.
Could you add a SECURITY.md file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.

Looking forward to hearing from you 👍
(cc @huntr-helper)