Commit

Merge pull request #127 from GSA-TTS/121-security-policy
Update SECURITY.md
wesley-dean-gsa authored Jul 29, 2024
2 parents bae30cc + 33a112b commit 13f669f
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions SECURITY.md
Expand Up @@ -25,3 +25,11 @@ Please note that only certain branches are supported with security updates.

When using this code or reporting vulnerabilities please only use supported
versions.

## Security Researchers

Security researchers shall:

* Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data.
* Only use exploits to the extent necessary to confirm a vulnerability. Do not use an exploit to compromise or exfiltrate data, establish command line access and/or persistence, or use the exploit to "pivot" to other systems. Once you've established that a vulnerability exists, or encountered any of the sensitive data outlined above, you must stop your test and notify us immediately.
* Keep confidential any information about discovered vulnerabilities for up to 90 calendar days after you have notified GSA. For details, please review Coordinated Disclosure.
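
Review bot: In the second added bullet, "any of the sensitive data outlined above" points at a list that this change does not add and that the visible context (the supported-versions paragraph) does not contain. If SECURITY.md does not define that data earlier in the file, enumerate the data types in this section or drop the "outlined above" wording. In the same vein, the third bullet's "please review Coordinated Disclosure" is plain text with no link or path, and "notify us immediately" names no reporting channel within this section; point both at the relevant document or section so a researcher reading only this part of the policy can act on it.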
