Skip to content

Latest commit

 

History

History
26 lines (15 loc) · 1.45 KB

SECURITY.md

File metadata and controls

26 lines (15 loc) · 1.45 KB

Veil's Security HowTo

We appreciate your help in finding bugs and identifying vulnerabilities in Veil! Please don't post security issues in the public issue tracker and use the contacts mentioned below instead.

Responsible Disclosure

For all security related issues, Veil has three main points of contact:

Please send all communications to those parties and expect a reply within 72h.

Scope

The Veil project is committed to the best practices around safe harbor for good-faith security research outlined at http://disclose.io/. There is nothing considered out-of-scope for testers and researchers following the rules outlined in this policy.

Disclosure Policy

Vulnerability details may be shared with third parties after the vulnerability has been fixed and the program owner has provided permission to disclose or after 90 days from submission, whichever is sooner.

Rewards & Recognition

We are currently working on the creation of a formal reward policy. Until this policy is available, we will decide on a case to case basis and researchers should not expect a specific reward. Veil project is nonetheless grateful for all legitimate discoveries of vulnerabilities, and is happy to acknowledge the vulnerability and the researchers after a fix has been widely deployed.