[docs] Update SECURITY.md

Laura Hausmann 2024-11-16 16:10:18 +01:00
parent e2004f5472
commit cd9cf33ae4
No known key found for this signature in database
GPG key ID: D044E84C5BE01605

@ -5,3 +5,5 @@ If you discover a security vulnerability, you can report it to us via any of the
- Send your PGP key to security@iceshrimp.dev. After secure communication is established, send us the vulnerability details as an encrypted message. - Send your PGP key to security@iceshrimp.dev. After secure communication is established, send us the vulnerability details as an encrypted message.
This will allow us to assess the risk & make a fix available before the vulnerability is disclosed publicly. This will allow us to assess the risk & make a fix available before the vulnerability is disclosed publicly.
Note that in the case of coordinated disclosure, once the severity has been established to be high/critical & patches are ready, we will set a cutoff date (within reason) at which point we'll release the patches regardless of the state of the coordinated disclosure. This is to prevent excessive delays caused by bikeshedding or similar behavior by coordination partners.
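Review bot: The added paragraph leaves the cutoff date undefined: "within reason" gives neither the reporter nor the coordination partners a timeframe to plan against, and the text does not say who is told about the cutoff or how far in advance. Consider stating a maximum (or typical) window and that the date is communicated to the reporter and partners as soon as it is set. The paragraph also only covers the high/critical case, so a sentence on whether lower-severity issues follow the same cutoff rule would remove the ambiguity.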