Update bug bounty program handler, domains and program response time

rsksmart · Mar 27, 2024 · b28081c · b28081c
1 parent c7db7bd
commit b28081c
Showing 1 changed file with 7 additions and 7 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -1,31 +1,31 @@
-# RSK's Security Process
+# RSK POWHSM Security Process
 
 We're committed to conduct our security process in a professional and civil manner. Public shaming, under-reporting or misrepresentation of vulnerabilities will not be tolerated.
 
 ## Responsible Disclosure
 
-For all security related issues, RSK has two main points of contact. Reach us at <security@iovlabs.org> or refer to our [Bug Bounty Program.](https://www.rsk.co/bounty-program/) **Do not open up a GitHub issue if the bug is a security vulnerability.**
+For all security related issues, RootstockLabs has two main points of contact. Reach us at <security@rootstocklabs.com> or refer to our [Bug Bounty Program.](https://www.rootstocklabs.com/bug-bounty-program) **Do not open up a GitHub issue if the bug is a security vulnerability.**
 
 **Ensure the bug was not already reported** by searching on Github under [Issues](https://github.com/rsksmart/rsk-powhsm/issues).
 
 ## Vulnerability Handling
 
 ### Response Time
 
-RSK will make a best effort to meet the following response times for reported vulnerabilities:
+RootstockLabs will make a best effort to meet the following response times for reported vulnerabilities:
 
-* Time to first response (from report submit) - 24 hours
-* Time to triage (from report submit) - 2 business days
+* Time to first response (from report submit) - 5 business days
+* Time to triage (from report submit) - 7 business days
 * Time to bounty (from triage) - 15 business days
 
 We’ll try to keep you informed about our progress throughout the process.
 
 ### Disclouse Policy
 
 * Follow HackerOne's [disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).
-* Public disclosure of a vulnerability makes it ineligible for a bounty. If the user reports the vulnerability to other security teams (e.g. Ethereum or ETC) but reports to RSK with considerable delay, then RSK may reduce or cancel the bounty.
+* Public disclosure of a vulnerability makes it ineligible for a bounty. If the user reports the vulnerability to other security teams (e.g. Ledger) but reports to RootstockLabs with considerable delay, then RootstockLabs may reduce or cancel the bounty.
 
-For more information check the IOVLabs bounty program policy at [HackerOne](https://hackerone.com/iovlabs)
+For more information check the RootstockLabs bounty program policy at [HackerOne](https://hackerone.com/rootstocklabs)
 
 ## Public Keys