Skip to content

Latest commit

 

History

History
21 lines (12 loc) · 1.17 KB

SECURITY.md

File metadata and controls

21 lines (12 loc) · 1.17 KB

Security Policy

This is still a work in progress. Comments, suggestions, etc. are all welcome.

Supported Versions

Nothing yet is officially released is supported, but once the community has enough adoption, and this project is being used for more production-criticial things, we'll need to outline what is supported, and to what degree.

Reporting a Vulnerability

The community should always know, first and foremost, if there's ever any hint of a vulnerability, even if there is a risk of a zero-day exploit.

That said, at some point, we want to build up a bug bounty and formalize that, so users can feel more confident in trusting this project and those who make it.

What constitute a security issue?

  • Anything that substantially violates a user's privacy in unexpected ways, or at least, in ways that aren't communicated well
  • Anything that can have potential unaddressed legal or community-facing complications.
  • Anything that can result in the disruption of the network, in loss of data, or other forms of harm.

Some things we can't do anything about, or at least, not yet, but the very least we could do is formally address any potential concerns. Contributions welcome.