Request For Security Contact #6567

Closed
RedYetiDev opened this issue Jun 13, 2024 · 2 comments · Fixed by #6580
Labels
❓ question Further information is requested

Comments

@RedYetiDev

Hi! I'm a security researcher, and it looks like your project doesn't have a SECURITY.md file. If possible, I'd like to get in touch with a security contact so I may report a vulnerability.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

@Wumpf
Member

Wumpf commented Jun 14, 2024

We don't have a dedicated contact yet, but you can send to opensource@rerun.io
All of the Rerun Viewer's network traffic is unencrypted at this point, so security flaws in this area would surprise me given that there's simply no security to be had, but still curious what you found! Thanks in advance!

@Wumpf Wumpf closed this as completed Jun 14, 2024
@Wumpf Wumpf added the ❓ question Further information is requested label Jun 14, 2024
@Wumpf
Member

Wumpf commented Jun 14, 2024

Reopening this as a placeholder for adding a security.md file

@Wumpf Wumpf reopened this Jun 14, 2024
@Wumpf Wumpf self-assigned this Jun 14, 2024
@Wumpf Wumpf mentioned this issue Jun 17, 2024
5 tasks
Wumpf added a commit that referenced this issue Jun 17, 2024
### What

* Fixes #6567

Has only a note for reporting vulnerabilities right now until we figure
out other aspects of security policy etc.

### Checklist
* [x] I have read and agree to [Contributor
Guide](https://github.com/rerun-io/rerun/blob/main/CONTRIBUTING.md) and
the [Code of
Conduct](https://github.com/rerun-io/rerun/blob/main/CODE_OF_CONDUCT.md)
* [x] I've included a screenshot or gif (if applicable)
* [x] I have tested the web demo (if applicable):
* Using examples from latest `main` build:
[rerun.io/viewer](https://rerun.io/viewer/pr/6580?manifest_url=https://app.rerun.io/version/main/examples_manifest.json)
* Using full set of examples from `nightly` build:
[rerun.io/viewer](https://rerun.io/viewer/pr/6580?manifest_url=https://app.rerun.io/version/nightly/examples_manifest.json)
* [x] The PR title and labels are set such as to maximize their
usefulness for the next release's CHANGELOG
* [x] If applicable, add a new check to the [release
checklist](https://github.com/rerun-io/rerun/blob/main/tests/python/release_checklist)!

- [PR Build Summary](https://build.rerun.io/pr/6580)
- [Recent benchmark results](https://build.rerun.io/graphs/crates.html)
- [Wasm size tracking](https://build.rerun.io/graphs/sizes.html)

To run all checks from `main`, comment on the PR with `@rerun-bot
full-check`.