-
Notifications
You must be signed in to change notification settings - Fork 148
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: Add Security Reporting Instructions (#966)
* Add SECURITY.md * Modified readme for security
- Loading branch information
Showing
2 changed files
with
45 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| # Security Policy | ||
|
|
||
| ## Reporting a Vulnerability | ||
|
|
||
| We take the security of our project seriously. If you discover a vulnerability, we encourage you to report it responsibly so we can address it promptly. | ||
|
|
||
| ### How to Report | ||
|
|
||
| 1. Navigate to the **Security** tab of this repository. | ||
| 2. Click on **"Report a Vulnerability"** to open the GitHub Security Advisories form. | ||
| 3. Fill out the form with as much detail as possible, including: | ||
| - A clear description of the issue. | ||
| - Steps to reproduce the vulnerability. | ||
| - The affected versions or components. | ||
| - Any potential impact or severity details. | ||
|
|
||
| Alternatively, you can send an email to **[[email protected]](mailto:[email protected])** with the same details. | ||
|
|
||
| ### Guidelines for Reporting | ||
|
|
||
| - **Do not publicly disclose vulnerabilities** until we have confirmed and fixed the issue. | ||
| - Include any proof-of-concept code, if possible, to help us verify the vulnerability more efficiently. | ||
| - If applicable, specify if the vulnerability is already being exploited. | ||
|
|
||
| ### Our Response Process | ||
|
|
||
| - We commit to handling reports with diligence. | ||
| - We will investigate all reported vulnerabilities thoroughly and transparently. | ||
| - Once the vulnerability has been fixed, we will disclose the details publicly to ensure awareness and understanding. | ||
|
|
||
|
|
||
| ### Reward Program | ||
|
|
||
| While we do not currently offer a formal bug bounty program, we value your contribution and will recognize your efforts in our changelog or release notes (if you consent). | ||
|
|
||
| Thank you for helping us improve the security of our project! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -215,3 +215,12 @@ The following links, repos, companies and projects have been important in the de | |
| - [Gnark](https://github.com/Consensys/gnark) | ||
| - [Constantine](https://github.com/mratsim/constantine) | ||
| - [Plonky3](https://github.com/Plonky3/Plonky3) | ||
|
|
||
| # Security | ||
|
|
||
| We take security seriously. If you discover a vulnerability in this project, please report it responsibly. | ||
|
|
||
| - You can report vulnerabilities directly via the **[GitHub "Report a Vulnerability" feature](../../security/advisories/new)**. | ||
| - Alternatively, send an email to **[[email protected]](mailto:[email protected])**. | ||
|
|
||
| For more details, please refer to our [Security Policy](./.github/SECURITY.md). | ||