Skip to content

Commit 415adfe

Browse files
author
Matthew John Cheetham
authored
Update SECURITY.md (#1697)
Updating the security policy for this open source project. The currently security policy does not accurately represent its eligibility for rewards under the GitHub Bug Bounty Program.
2 parents 986b0d5 + e388474 commit 415adfe

File tree

1 file changed

+29
-5
lines changed

1 file changed

+29
-5
lines changed

SECURITY.md

Lines changed: 29 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,32 @@
1-
# Security
1+
Thanks for helping make GitHub safe for everyone.
22

3-
If you discover a security issue in this repo, please submit it through the
4-
[GitHub Security Bug Bounty][hackerone-github]
3+
## Security
54

6-
Thanks for helping make GitHub products safe for everyone.
5+
GitHub takes the security of our software products and services seriously, including all of the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub).
6+
7+
Even though [open source repositories are outside of the scope of our bug bounty program](https://bounty.github.com/index.html#scope) and therefore not eligible for bounty rewards, we will ensure that your finding gets passed along to the appropriate maintainers for remediation.
8+
9+
## Reporting Security Issues
10+
11+
If you believe you have found a security vulnerability in any GitHub-owned repository, please report it to us through coordinated disclosure.
12+
13+
**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**
14+
15+
Instead, please send an email to opensource-security[@]github.com.
16+
17+
Please include as much of the information listed below as you can to help us better understand and resolve the issue:
18+
19+
* The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
20+
* Full paths of source file(s) related to the manifestation of the issue
21+
* The location of the affected source code (tag/branch/commit or direct URL)
22+
* Any special configuration required to reproduce the issue
23+
* Step-by-step instructions to reproduce the issue
24+
* Proof-of-concept or exploit code (if possible)
25+
* Impact of the issue, including how an attacker might exploit the issue
26+
27+
This information will help us triage your report more quickly.
28+
29+
## Policy
30+
31+
See [GitHub's Safe Harbor Policy](https://docs.github.com/en/site-policy/security-policies/github-bug-bounty-program-legal-safe-harbor)
732

8-
[hackerone-github]: https://hackerone.com/github

0 commit comments

Comments
 (0)