-
Notifications
You must be signed in to change notification settings - Fork 158
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #983 from near/981-add-security-md
Add SECURITY.md file
- Loading branch information
Showing
1 changed file
with
24 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
# Reporting Security Vulnerabilities | ||
|
||
NEAR values the independent security research community and believes that responsible disclosure of security vulnerabilities helps us ensure the security and privacy of all our users. | ||
|
||
Please do NOT raise a GitHub Issue to report a security vulnerability. If you believe you have found a security vulnerability, please submit a report to [email protected], preferably with a proof of concept. | ||
|
||
We ask that you do not use other channels or contact project contributors directly. | ||
|
||
Non-vulnerability-related security issues, such as new ideas for security features, are welcome on GitHub Issues. | ||
|
||
## Security Updates, Alerts and Bulletins | ||
Security updates will be released on a regular cadence. Security updates are released on the Tuesday closest to the 17th day of January, April, July, and October. A pre-release announcement will be published on the Thursday preceding each release. | ||
|
||
## Security-Related Information | ||
We will provide security-related information such as a threat model, considerations for secure use, or any known security issues in our documentation. Please note that labs and sample code are intended to demonstrate a concept and may need to be sufficiently hardened for production use. | ||
|
||
## BugBounty Program | ||
NEAR uses HackenProof as a conduit for reporting defects and vulnerabilities as well. To report a vulnerability that you believe you have discovered in the Near or Pagoda platform, please use one of the following programs to report it: | ||
- NEAR Protocol: (https://hackenproof.com/near/near-protocol) | ||
- NEAR Web (Medium): (https://hackenproof.com/near/near-web-medium)j | ||
- NEAR Smart Contract (Medium): (https://hackenproof.com/near/near-smart-contract-medium) | ||
- NEAR Smart Contract (High): (https://hackenproof.com/near/near-smart-contract-high) | ||
- NEAR Smart Contract (Critical): (https://hackenproof.com/near/near-smart-contracts-critical) | ||
- NEAR Foundation Web (Low): (https://hackenproof.com/near/near-foundation-web-low) |