-
Notifications
You must be signed in to change notification settings - Fork 43
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs: Improve security policy (#1240)
- Loading branch information
1 parent
e66fe27
commit 23bef97
Showing
1 changed file
with
5 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,4 @@ | ||
| ## Democratized Data Foundation Security Disclosure Policy | ||
| # Democratized Data (D2) Foundation Security Disclosure Policy | ||
|
|
||
| We value the work of well-intentioned security researchers in identifying security vulnerabilities. We adhere to the practice of responsible disclosure to protect users from the impact of security issues. This policy outlines our commitment to addressing security incidents and our expectations for responsible disclosure. | ||
|
|
||
|
|
@@ -7,16 +7,16 @@ We value the work of well-intentioned security researchers in identifying securi | |
|
|
||
| 1. We respond to security incidents and address vulnerabilities. | ||
| 2. We collaborate to establish a disclosure time frame for the reported vulnerability. During this time, we will either develop a fix or accept the risk, followed by disclosing the vulnerability. | ||
| 3. We are transparent, ensuring that our community remains informed about incidents affecting them. | ||
| 3. We are transparent, ensuring our community remains informed about incidents affecting them. | ||
|
|
||
|
|
||
| ## Responsible Disclosure Process | ||
|
|
||
| If you have discovered a security vulnerability in our technologies, please disclose it responsibly by contacting us at [[email protected]](). We kindly ask that you refrain from discussing potential vulnerabilities in public without our prior validation. | ||
| If you have discovered a security vulnerability in our technologies, please disclose it responsibly by contacting us at [[email protected]](mailto:[email protected]). We kindly ask that you refrain from discussing potential vulnerabilities in public without our prior validation. | ||
|
|
||
| Upon receiving a report, our security team will: | ||
|
|
||
| 1. Review the report, verify the vulnerability, and respond with confirmation or requests for additional information. Our typical response time is within 24 hours. | ||
| 2. Once the reported security bug has been addressed, we will notify the researcher, who may then optionally disclose the vulnerability publicly. | ||
| 2. Once the reported security bug has been addressed, we will notify the researcher, who may optionally disclose the vulnerability publicly. | ||
|
|
||
| We currently do not offer bug bounties. The Democratized Data Foundation or organizations using our technologies may choose to provide such rewards in the future. We maintain a Hall of Fame to acknowledge those who have responsibly disclosed security issues. | ||
| We currently do not offer bug bounties. The Democratized Data (D2) Foundation or organizations using our technologies may choose to provide such rewards in the future. We maintain a Hall of Fame to acknowledge those responsibly disclosing security issues. | ||