Skip to content

Security: occrp/id-backend

Security

Report a vulnerability

SECURITY.md

Security policies and procedures

This document outlines security procedures and general policies for the Investigative Dashboard project.

Responsible disclosure policy

When disclosing security issues to us, please follow RFPolicy 2.0. The point of contact is [email protected], PGP/GPG fingerprint:

8AA2 D5B4 A0B5 B3DA E547 238C 5237 8B24 FB18 D161

In short:

  • Please send information about security issues to: [email protected]
  • Please allow up to 5 working days for us to contact you
  • We will co-ordinate with you on the advisory and security fix release date

As a non-profit we are sadly unable to offer any compensation for disclosed security issues. We will however gladly give credit to anyone responsibly disclosing a security issue to us.

Please report security bugs in third-party modules as well to the person or team maintaining the module.

Comments on this policy

If you have suggestions on how this process could be improved please submit a pull request.

There aren’t any published security advisories