Skip to content

vend-com/.github

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 

Repository files navigation

Security Policy

This security policy applies to public projects under the vend-com organization on GitHub.

Individual projects may publish their own SECURITY.md. When a project has its own policy, that policy takes precedence for that project.

Reporting a vulnerability

We welcome responsible disclosure of security vulnerabilities, and we appreciate your report.

The preferred way to report a vulnerability in one of our projects is the "Report a vulnerability" button under the "Security" tab of the project on GitHub. This opens a private channel between you and the maintainers.

If a project does not have that option enabled, or your report is not specific to a single project, email us at opensource.security@vend.com. You can also find our contact details in our responsible disclosure policy.

Please do not report a vulnerability through a public issue or pull request.

What to include

A good report helps us fix the issue faster. Where you can, include the following.

  • The project and version or commit affected.
  • A description of the vulnerability and its impact.
  • Steps to reproduce it, or a proof of concept.
  • Any suggested fix or mitigation.

Bug bounty

We run a private bug bounty program. If you submit a valid vulnerability through GitHub private vulnerability reporting, we may invite you to the program.

About

No description, website, or topics provided.

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors