chore: Add Security Reporting Instructions #966

Merged
merged 2 commits into from
Jan 28, 2025
36 changes: 36 additions & 0 deletions .github/SECURITY.md
@@ -0,0 +1,36 @@
# Security Policy

## Reporting a Vulnerability

We take the security of our project seriously. If you discover a vulnerability, we encourage you to report it responsibly so we can address it promptly.

### How to Report

1. Navigate to the **Security** tab of this repository.
2. Click on **"Report a Vulnerability"** to open the GitHub Security Advisories form.
3. Fill out the form with as much detail as possible, including:
- A clear description of the issue.
- Steps to reproduce the vulnerability.
- The affected versions or components.
- Any potential impact or severity details.

Alternatively, you can send an email to **[[email protected]](mailto:[email protected])** with the same details.

### Guidelines for Reporting

- **Do not publicly disclose vulnerabilities** until we have confirmed and fixed the issue.
- Include any proof-of-concept code, if possible, to help us verify the vulnerability more efficiently.
- If applicable, specify if the vulnerability is already being exploited.

### Our Response Process

- We commit to handling reports with diligence.
- We will investigate all reported vulnerabilities thoroughly and transparently.
- Once the vulnerability has been fixed, we will disclose the details publicly to ensure awareness and understanding.


### Reward Program

While we do not currently offer a formal bug bounty program, we value your contribution and will recognize your efforts in our changelog or release notes (if you consent).

Thank you for helping us improve the security of our project!
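Review bot: the policy gives reporters no expectation of timing, which matters for the disclosure request it makes of them. "Do not publicly disclose vulnerabilities until we have confirmed and fixed the issue" is open-ended, and "We commit to handling reports with diligence" under Our Response Process names no acknowledgement target or fix window; consider stating how quickly a report will be acknowledged and a coordinated disclosure window after which the reporter may publish, so the request is bounded on both sides. A "Supported Versions" section would also help, since "The affected versions or components" is requested from reporters but the policy never says which releases receive fixes. Minor: there is a stray double blank line before "### Reward Program".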
9 changes: 9 additions & 0 deletions README.md
Expand Up @@ -215,3 +215,12 @@ The following links, repos, companies and projects have been important in the de
- [Gnark](https://github.com/Consensys/gnark)
- [Constantine](https://github.com/mratsim/constantine)
- [Plonky3](https://github.com/Plonky3/Plonky3)

# Security

We take security seriously. If you discover a vulnerability in this project, please report it responsibly.

- You can report vulnerabilities directly via the **[GitHub "Report a Vulnerability" feature](../../security/advisories/new)**.
- Alternatively, send an email to **[[email protected]](mailto:[email protected])**.

For more details, please refer to our [Security Policy](./.github/SECURITY.md).
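Review bot: the relative link `../../security/advisories/new` only resolves when the README is rendered on github.com; on a package registry page, a documentation site or a local clone it points nowhere. Prefer the absolute advisory URL for this repository, and consider the same for `./.github/SECURITY.md` so the policy is reachable wherever the README is mirrored. Also, `# Security` is a top-level heading appended directly after the acknowledgements list; check that it matches the heading level the README uses for its other sections.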