Skip to content

Latest commit

 

History

History
48 lines (27 loc) · 2.41 KB

SECURITY.md

File metadata and controls

48 lines (27 loc) · 2.41 KB

Security Policy for Lum Network

Overview

At Lum Network, we take the security of our products seriously. We appreciate the community of users and security researchers who contribute to the security of our software by discovering and reporting vulnerabilities.

We understand that the safety of your data and systems is crucial, and we're committed to ensuring that our system is as secure as possible.

Reporting a vulnerability

If you believe you've discovered a security vulnerability in our software, we ask you to send us a private report so we can assess and respond effectively.

Please do not report security vulnerabilities through public GitHub issues, as we want to ensure that any potential vulnerabilities are handled discreetly to minimize potential risks.

To report a vulnerability, please send an email to [email protected].

In your report, please include:

  • A brief description of the potential vulnerability.
  • Steps to reproduce the issue (if applicable).
  • Any supporting materials like screenshots, logs, or scripts that demonstrate the vulnerability.

Your responsible disclosure is much appreciated and we will make every effort to acknowledge your emails within 48 hours.

Vulnerability handling

Once a report is sent to [email protected], the following process is triggered:

  • A confirmation email will be sent to acknowledge that we have received the vulnerability report.
  • Our security team will then investigate the issue to understand the impact and severity.
  • If necessary, we will work to promptly release an update, or patch, to fix the vulnerability.

We will keep you updated throughout the investigation and resolution process.

We thank you in advance for your patience as we work to resolve the issue.

Reward policy

While we greatly appreciate the efforts of security researchers and believe in recognizing their hard work, please note that we do not guarantee any rewards for reported vulnerabilities. Any decision to grant a reward is at the discretion of Lum Network and will be considered on a case-by-case basis.

Public recognition

We appreciate and acknowledge the contributions of security researchers. After a vulnerability in our software has been determined and a patch has been released, we will publicly acknowledge your responsible disclosure.

However, public disclosure of the vulnerability details without express written consent from Lum Network is strictly prohibited.