Skip to content

Latest commit

 

History

History
27 lines (14 loc) · 1.4 KB

SECURITY.md

File metadata and controls

27 lines (14 loc) · 1.4 KB

Reporting Security Issues

The RootstockCollective team and community take security vulnerabilities very seriously. Although this project is currently in its bootstrapping phase (MVP) and falls outside the scope of a Bug Bounty Program, we sincerely appreciate your responsible disclosure and will make every effort to acknowledge your contributions.

Responsible Disclosure

For all security related issues, use the GitHub Security Advisory "Report a Vulnerability" tab.

The RootstockCollective team will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

Ensure the bug was not already reported by searching on GitHub under Issues.

Vulnerability Handling

Response Time

RootstockCollective will make a best effort to meet the following response times for reported vulnerabilities:

  • Time to first response (from report submit) - 5 business days
  • Time to triage (from report submit) - 7 business days

We'll try to keep you informed about our progress throughout the process.

Disclose Policy

  • Public disclosure of a vulnerability makes it ineligible for a bounty.