Merge pull request #9687 from cli/kw/improve-security.md-encourage-pocs-and-investigation
Improve `SECURITY.md` with expectations for privately reported vulnerabilities
This commit is contained in:
Kynan Ware
GitHub
commit
dae074049a
1 changed files with 4 additions and 1 deletions
5
.github/SECURITY.md
vendored
5
.github/SECURITY.md
vendored
|
|
@ -2,7 +2,10 @@ GitHub takes the security of our software products and services seriously, inclu
|
|||
|
||||
If you believe you have found a security vulnerability in GitHub CLI, you can report it to us in one of two ways:
|
||||
|
||||
* Report it to this repository directly using [private vulnerability reporting][]. Such reports are not eligible for a bounty reward.
|
||||
* Report it to this repository directly using [private vulnerability reporting][].
|
||||
* Include a description of your investigation of the GitHub CLI's codebase and why you believe an exploit is possible.
|
||||
* POCs and links to code are greatly encouraged.
|
||||
* Such reports are not eligible for a bounty reward.
|
||||
|
||||
* Submit the report through [HackerOne][] to be eligible for a bounty reward.
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue