The RootstockCollective team and community take security vulnerabilities very seriously. Although this project is currently in its bootstrapping phase (MVP) and falls outside the scope of a Bug Bounty Program, we sincerely appreciate your responsible disclosure and will make every effort to acknowledge your contributions.
For all security related issues, use the GitHub Security Advisory "Report a Vulnerability" tab.
The RootstockCollective team will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
Ensure the bug was not already reported by searching on GitHub under Issues.
RootstockCollective will make a best effort to meet the following response times for reported vulnerabilities:
- Time to first response (from report submit) - 5 business days
- Time to triage (from report submit) - 7 business days
We'll try to keep you informed about our progress throughout the process.
- Public disclosure of a vulnerability makes it ineligible for a bounty.