From d857cc9bb15ffa586dc65a55563cca98f962f00a Mon Sep 17 00:00:00 2001 From: kujtimprenkuSQA Date: Wed, 25 Oct 2023 13:37:56 +0200 Subject: [PATCH] Add security.md file The content of the file is the same as in https://github.com/near/wallet-selector/security/policy --- SECURITY.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..8eb057f48 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,24 @@ +# Reporting Security Vulnerabilities + +NEAR values the independent security research community and believes that responsible disclosure of security vulnerabilities helps us ensure the security and privacy of all our users. + +Please do NOT raise a GitHub Issue to report a security vulnerability. If you believe you have found a security vulnerability, please submit a report to security@near.org, preferably with a proof of concept. + +We ask that you do not use other channels or contact project contributors directly. + +Non-vulnerability-related security issues, such as new ideas for security features, are welcome on GitHub Issues. + +## Security Updates, Alerts and Bulletins +Security updates will be released on a regular cadence. Security updates are released on the Tuesday closest to the 17th day of January, April, July, and October. A pre-release announcement will be published on the Thursday preceding each release. + +## Security-Related Information +We will provide security-related information such as a threat model, considerations for secure use, or any known security issues in our documentation. Please note that labs and sample code are intended to demonstrate a concept and may need to be sufficiently hardened for production use. + +## BugBounty Program +NEAR uses HackenProof as a conduit for reporting defects and vulnerabilities as well. 
To report a vulnerability that you believe you have discovered in the Near or Pagoda platform, please use one of the following programs to report it: +- NEAR Protocol: (https://hackenproof.com/near/near-protocol) +- NEAR Web (Medium): (https://hackenproof.com/near/near-web-medium)j +- NEAR Smart Contract (Medium): (https://hackenproof.com/near/near-smart-contract-medium) +- NEAR Smart Contract (High): (https://hackenproof.com/near/near-smart-contract-high) +- NEAR Smart Contract (Critical): (https://hackenproof.com/near/near-smart-contracts-critical) +- NEAR Foundation Web (Low): (https://hackenproof.com/near/near-foundation-web-low)
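Review bot: the "NEAR Web (Medium)" entry in the BugBounty list ends with a stray `j` after the closing parenthesis (`near-web-medium)j`); drop it before this lands. In the same list, the URLs are wrapped in bare parentheses with no link text, so either write them as Markdown links (`[NEAR Protocol](https://hackenproof.com/near/near-protocol)`) or remove the parentheses. The "Critical" entry uses the slug `near-smart-contracts-critical` (plural "contracts") while the Medium and High entries use `near-smart-contract-…`, so please confirm that link resolves. Under "Security-Related Information", "may need to be sufficiently hardened for production use" reads as if the word "not" or "further" is missing; suggest "may not be sufficiently hardened for production use". The text also mixes "Near" and "NEAR" in "the Near or Pagoda platform". Finally, since the commit message says the content is copied from the wallet-selector policy, please confirm that the stated release cadence (Tuesday closest to the 17th of January, April, July and October) and the security@near.org contact apply to this repository as well.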