Skip to content

Security: scality/ghaudit

Security

docs/SECURITY.md

Security policy

Reporting a vulnerability

How to report

If you found a vulnerability in our software, please contact our security response team by email at secalert at scality dot com. Only the security response team members will see your email address. We are committed to process emails sent confidentially.

When to report to the mailing list

Depending on the level of risk related to the issue, the security response team mailing list might not be the most appropriate channel to report it.

Sending patches

Contributions are not necessary to report a vulnerability. However, if you wish to send patches, please do so using a confidential communication channel, such as the security response team mailing list, or another negotiated channel.

Credits for your work

We are committed to credit your work when publicly disclosing the vulnerability.

Vulnerability disclosure

Disclaimer: our software comes with absolutely not warranty to non Scality customer.

For critical security vulnerabilities, our customers will be notified before the vulnerability will be publicly disclosed by Scality.

Scality does not commit to any schedule regarding the public disclosure of their security vulnerabilities. Nonetheless, we will try our best to deal with vulnerability public disclosure responsibly in order to maintain a healthy open source community.

There aren’t any published security advisories