Create SECURITY.md #6681
Comments
|
It may take a bit before we can (if we decide to) create a proper security policy, but it's generally accepted by us that since OBS runs locally and has no inbound remote connectivity or ways to access it externally, that any attack vectors that use OBS are typically either just normal social engineering attacks, or the level of access required to get in to OBS is already far more of an issue than whatever OBS might be used for. This may change in v28 when we ship with websocket functionality by default, but we'll evaluate that at that time. That said, we do have a mailbox you can send concerns to: security@obsproject.com |
|
@Fenrirthviti - thanks for your diligence and response. I sent the report that we received to the suggested e-mail address a couple of minutes ago. For reference, the report can be found directly here as well: |
|
Is there a way to opt-out a project from your site? I can't find anything about that in the FAQ. |
|
@derrod - yes, if you would like me to opt-out |
Hello 👋
I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@nerrorsec) has found a potential issue, which I would be eager to share with you.
Could you add a
SECURITY.mdfile with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.Looking forward to hearing from you 👍
(cc @huntr-helper)
The text was updated successfully, but these errors were encountered: