Skip to content

Latest commit

 

History

History
13 lines (10 loc) · 974 Bytes

SECURITY.md

File metadata and controls

13 lines (10 loc) · 974 Bytes

Guidelines

We're committed to working with security researchers to resolve the vulnerabilities they discover. You can help us by following these guidelines:

  • Follow HackerOne's disclosure guidelines.
  • Pen-testing Production:
    • Please setup a local environment instead whenever possible. Most of our code is open source (see above).
    • If that's not possible, limit any data access/modification to the bare minimum necessary to reproduce a PoC.
    • Don't automate form submissions! That's very annoying for us, because it adds extra work for the volunteers who manage those systems, and reduces the signal/noise ratio in our communication channels.
    • To be eligible for a bounty, please follow all of these guidelines.
  • Be Patient - Give us a reasonable time to correct the issue before you disclose the vulnerability.

We also expect you to comply with all applicable laws.