-
Notifications
You must be signed in to change notification settings - Fork 21
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
be40bfc
commit fe80720
Showing
1 changed file
with
10 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -17,9 +17,17 @@ This is a shared security policy for the CosmWasm stack, including the following | |
|
|
||
| ## Reporting a Vulnerability | ||
|
|
||
| Please report any security issues via email to security@confio.gmbh. | ||
| There are three ways to report a security issue | ||
|
|
||
| You will receive a response from us within 4 working days confirming that a human read your email. If you do not hear back within 1 week, feel free to send a reminder or try to notify core team members via different channels. | ||
| | | Cosmos HackerOne Bug Bounty program | [email protected] | [email protected] | | ||
| | ------------------- | ----------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| | Maintained by | Amulet | Amulet | Confio | | ||
| | Eligable for bounty | yes | no | no | | ||
| | Reporting link | <https://hackerone.com/cosmos> | [[email protected]](mailto:[email protected]) | [[email protected]](mailto:[email protected]) | | ||
| | Reporter management | professional communation | professional communation | best effort | | ||
| | Details | See program details at <https://hackerone.com/cosmos> | If you prefer to report an issue via email, you may send a bug report to [email protected] with the issue details, reproduction, impact, and other information. Please submit only one unique email thread per vulnerability. Any issues reported via email are ineligible for bounty rewards. | You will receive a response from us within 4 working days confirming that a human read your email. If you do not hear back within 1 week, feel free to send a reminder or try to notify core team members via different channels. | | ||
|
|
||
| Please only choose one. In all cases the analysis and fixing of the issue will be performed by Confio. | ||
|
|
||
| Within a few days we try to reproduce the issue and confirm it. After that we work on a patch and a release strategy. Experience shows the later part is harder than the actual patch as we need to evaluate which versions are affected, for which versions a patch is provided, if that patch is consensus or state breaking and how users can apply the patch. This part can take a few days up to multiple weeks. | ||
|
|
||
|
|
||