# Security Policy

Thank you for your interest in helping us improve the security of our open source products, websites and other properties.

We have created this Bug Bounty program to appreciate and reward your efforts.

## Reporting a Vulnerability
Please report (suspected) security vulnerabilities to
**[support+security@bsf.io](mailto:support+security@bsf.io)**. You will receive a response from
us within 48 hours. If the issue is confirmed, we will release a patch as soon
as possible, depending on complexity; historically this has been within a few days.

We also have [a bug bounty program](https://brainstormforce.com/bug-bounty-program/), which gives guidelines on how a report should be submitted and how we can reward proper reporting.

If our team cannot reproduce and verify an issue, a bounty cannot be awarded. To help streamline our intake process, we ask that submissions include:

- Description of the vulnerability
- Steps to reproduce the reported vulnerability
- Proof of exploitability (e.g. screenshot, video)
- Perceived impact to another user or the organization
- Proposed CVSSv3 Vector & Score (without environmental and temporal modifiers)
- List of URLs and affected parameters
- Other vulnerable URLs, additional payloads, Proof-of-Concept code
- Browser, OS and/or app version used during testing
- Impact of the bug

Security reports should be sent to **[support+security@bsf.io](mailto:support+security@bsf.io)**.

For more details, please [visit this page](https://brainstormforce.com/bug-bounty-program/).

Once again, thank you for helping us improve security. We really appreciate it.