Skip to content

Update SECURITY.md #394

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

Update SECURITY.md #394

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions SECURITY.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,12 +10,12 @@ However, if you believe you have found a security vulnerability in Gloo, we enco

Vulnerabilities that are exploitable via the network such as remote code execution should be reported. Issues that require access to the sending/receiving machine or are caused by incorrectly using the API are not considered vulnerabilities in Gloo.

Please report security issues via https://www.facebook.com/whitehat or by filing an issue for low risk vulnerabilities.
Please report security issues via https://bugbounty.meta.com or by filing an issue for low risk vulnerabilities.

Please refer to the following page for our responsible disclosure policy, reward guidelines, and those things that should not be reported:

https://www.facebook.com/whitehat

https://bugbounty.meta.com
## Using Gloo Securely

The only way to guarantee safety with Gloo is to run it in a trusted environment with trusted inputs. Gloo has not been security hardened and bugs as well as misusages of Gloo may result in remote code execution and data leakage.
Expand Down