This repository has been archived by the owner on Feb 8, 2018. It is now read-only.

Commit

Merge pull request #4568 from gratipay/security-txt
Create a security txt.
chadwhitacre authored Aug 14, 2017
2 parents 7b44660 + 05d02fa commit c279b33
Showing 1 changed file with 44 additions and 0 deletions.
44 changes: 44 additions & 0 deletions www/security.txt
@@ -0,0 +1,44 @@
# In scope targets
In-scope: gratipay.com
In-scope: grtp.co

# Our GitHub projects
In-scope: inside.gratipay.com
In-scope: github.com/gratipay/bot
In-scope: github.com/gratipay/environment.py
In-scope: github.com/gratipay/postgres.py

# Out of scope vulnerabilities
Out-of-scope-vuln: Clickjacking
Out-of-scope-vuln: Physical testing such as office access
Out-of-scope-vuln: Social engineering
Out-of-scope-vuln: UI and UX bugs and spelling mistakes
Out-of-scope-vuln: Network level Denial of Service (DoS/DDoS) vulnerabilities
Out-of-scope-vuln: Low severity issues that can be detected with tools such as Hardenize and SecurityHeaders.io
Out-of-scope-vuln: Reports that state that software is out of date/vulnerable without a proof of concept
Out-of-scope-vuln: Host header issues without an accompanying proof-of-concept demonstrating vulnerability
Out-of-scope-vuln: XSS issues that affect only outdated browsers
Out-of-scope-vuln: Stack traces that disclose information
Out-of-scope-vuln: Highly speculative reports about theoretical damage
Out-of-scope-vuln: Reports from automated web vulnerability scanners that have not been validated
Out-of-scope-vuln: Content injection issues
Out-of-scope-vuln: Cross-site Request Forgery (CSRF) with minimal security implications
Out-of-scope-vuln: Missing cookie flags on non-security-sensitive cookies
Out-of-scope-vuln: Banner grabbing issues
Out-of-scope-vuln: Open ports without an accompanying proof-of-concept demonstrating vulnerability
Out-of-scope-vuln: Recently disclosed 0day vulnerabilities
Out-of-scope-vuln: Issues in third-party services

# Rewards
Reward: Critical-500
Reward: High-100
Reward: Medium-swag
Reward: Low-hof
Reward: None-hof

# If you have any questions concerning our program, feel free to send us an email at [email protected].
# Please do not send reports by email and make sure not to disclose sensitive information in the email.
Contact: [email protected]

# Our HackerOne program
Platform: https://hackerone.com/gratipay
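Review bot: the comment block just above `Contact:` tells reporters not to send reports by email, yet the only `Contact:` value in the file is an email address; a reporter (or a tool that reads only the `Contact:` fields) gets contradictory guidance. Suggest listing the HackerOne URL as the first `Contact:` entry and keeping the email for questions only, e.g. `Contact: https://hackerone.com/gratipay` followed by the existing `Contact:` line and the `# ... questions ... email` comment. Two smaller points in the same file: there is no `Encryption:` field, so a reporter who does email anyway has no way to protect the sensitive details the comment warns about, and the `Reward:` values (`Critical-500`, `High-100`) carry no currency or unit, so stating it (e.g. in the `# Rewards` comment) would avoid ambiguity. Also note that `In-scope`, `Out-of-scope-vuln`, `Reward` and `Platform` are not fields defined by the security.txt draft, so a parser that follows the draft will only see the `Contact:` line; that is fine if the file is intended for humans, but worth a comment at the top saying which format it follows.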
