You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
DFINITY takes the security of our software products seriously, which includes all source code repositories under the [DFINITY](https://github.com/dfinity) GitHub organization.
4
+
5
+
> [!IMPORTANT]
6
+
> [DFINITY Foundation](https://dfinity.org) has a [Internet Computer (ICP) Bug Bounty program](https://dfinity.org/bug-bounty/) that rewards researchers for finding and reporting vulnerabilities in the Internet Computer. Please check the scope and eligibility criteria outlined in the policy to see if the vulnerability you found qualifies for a reward.
7
+
8
+
## How to report a vulnerability
9
+
10
+
We appreciate your help in keeping our projects secure.
11
+
If you believe you have found a security vulnerability in any of our repositories, please report it responsibly to us as described below:
12
+
13
+
1.**Do not disclose the vulnerability publicly.** Public disclosure could be exploited by attackers before it can be fixed.
14
+
2.**Send an email to securitybugs@dfinity.org.** Please include the following information in your email:
15
+
* A description of the vulnerability
16
+
* Steps to reproduce the vulnerability
17
+
* Risk rating of the vulnerability
18
+
* Any other relevant information
19
+
20
+
We will respond to your report within 72 hours and work with you to fix the vulnerability as soon as possible.
21
+
22
+
### Security Updates
23
+
24
+
We are committed to fixing security vulnerabilities in a timely manner. Once a security vulnerability is reported, we will:
25
+
26
+
* Investigate the report and confirm the vulnerability.
27
+
* Develop a fix for the vulnerability.
28
+
* Release a new version of the project that includes the fix.
29
+
* Announce the security fix in the project's release notes.
30
+
31
+
## Preferred Language
32
+
33
+
We prefer all communications to be in English.
34
+
35
+
## Disclaimer
36
+
37
+
This security policy is subject to change at any time.
0 commit comments