|
| 1 | +# Security Policy |
| 2 | + |
| 3 | +## Reporting a Vulnerability |
| 4 | + |
| 5 | +We take the security of VersionTwo seriously. If you believe you have found a security vulnerability, please report it to us as described below. |
| 6 | + |
| 7 | +**Please do not report security vulnerabilities through public GitHub issues.** |
| 8 | + |
| 9 | +Instead, please report them via email to: |
| 10 | + |
| 11 | +``` |
| 12 | +maintainers@pandaswhocode.com |
| 13 | +``` |
| 14 | + |
| 15 | +You should receive a response within 48 hours. If for some reason you do not, please follow up via email to ensure we received your original message. |
| 16 | + |
| 17 | +Please include the following information in your report: |
| 18 | + |
| 19 | +- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) |
| 20 | +- Full paths of source file(s) related to the manifestation of the issue |
| 21 | +- The location of the affected source code (tag/branch/commit or direct URL) |
| 22 | +- Any special configuration required to reproduce the issue |
| 23 | +- Step-by-step instructions to reproduce the issue |
| 24 | +- Proof-of-concept or exploit code (if possible) |
| 25 | +- Impact of the issue, including how an attacker might exploit it |
| 26 | + |
| 27 | +## Preferred Languages |
| 28 | + |
| 29 | +We prefer all communications to be in English. |
| 30 | + |
| 31 | +## Policy |
| 32 | + |
| 33 | +- We will respond to your report within 48 hours with our evaluation and expected resolution time |
| 34 | +- If you have followed the instructions above, we will not take legal action against you in regard to your report |
| 35 | +- We will keep you informed of the progress towards resolving the issue |
| 36 | +- Once the issue is resolved, we will publicly acknowledge your responsible disclosure, if you wish |
0 commit comments