Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: Improve security policy #1240

Merged
merged 1 commit into from
Mar 27, 2023
Merged

docs: Improve security policy #1240

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions SECURITY.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
## Democratized Data Foundation Security Disclosure Policy
# Democratized Data (D2) Foundation Security Disclosure Policy

We value the work of well-intentioned security researchers in identifying security vulnerabilities. We adhere to the practice of responsible disclosure to protect users from the impact of security issues. This policy outlines our commitment to addressing security incidents and our expectations for responsible disclosure.

Expand All @@ -7,16 +7,16 @@ We value the work of well-intentioned security researchers in identifying securi

1. We respond to security incidents and address vulnerabilities.
2. We collaborate to establish a disclosure time frame for the reported vulnerability. During this time, we will either develop a fix or accept the risk, followed by disclosing the vulnerability.
3. We are transparent, ensuring that our community remains informed about incidents affecting them.
3. We are transparent, ensuring our community remains informed about incidents affecting them.


## Responsible Disclosure Process

If you have discovered a security vulnerability in our technologies, please disclose it responsibly by contacting us at [[email protected]](). We kindly ask that you refrain from discussing potential vulnerabilities in public without our prior validation.
If you have discovered a security vulnerability in our technologies, please disclose it responsibly by contacting us at [[email protected]](mailto:[email protected]). We kindly ask that you refrain from discussing potential vulnerabilities in public without our prior validation.

Upon receiving a report, our security team will:

1. Review the report, verify the vulnerability, and respond with confirmation or requests for additional information. Our typical response time is within 24 hours.
2. Once the reported security bug has been addressed, we will notify the researcher, who may then optionally disclose the vulnerability publicly.
2. Once the reported security bug has been addressed, we will notify the researcher, who may optionally disclose the vulnerability publicly.

We currently do not offer bug bounties. The Democratized Data Foundation or organizations using our technologies may choose to provide such rewards in the future. We maintain a Hall of Fame to acknowledge those who have responsibly disclosed security issues.
We currently do not offer bug bounties. The Democratized Data (D2) Foundation or organizations using our technologies may choose to provide such rewards in the future. We maintain a Hall of Fame to acknowledge those responsibly disclosing security issues.