docs: add security policy to community section (#388)
* docs: add security policy to community section

Co-authored-by: Feanil Patel <[email protected]>
Showing 3 changed files with 33 additions and 1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,3 +5,4 @@ Community Home | |
:maxdepth: 1 | ||
|
||
release_notes/index | ||
security_policy/index |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
######################## | ||
Open edX Security Policy | ||
######################## | ||
|
||
=================================== | ||
Disclosing a Security Vulnerability | ||
=================================== | ||
|
||
If you believe that you have discovered a security vulnerability or other suspicious activity relating to the Open edX platform code base, please: | ||
|
||
* report it to the Open edX project by emailing the Open edX Security Working Group at [email protected]; | ||
* describe the nature of the vulnerability; and | ||
* provide sufficient detail in your report to enable the Open edX Security Working Group to respond quickly reproduce and understand the vulnerability and respond effectively, including the following (as applicable): | ||
* a textual description of the steps necessary to reproduce the issue; | ||
* proof-of-concept code; and | ||
* links to vulnerable code. | ||
|
||
Upon receipt of your email, the Open edX Security Working Group will acknowledge the receipt of your email, review and triage your security vulnerability, and act accordingly. If necessary, the group will reach out to you for more information. The group will not provide communication on the status of the security vulnerability after it has been reviewed and triaged. | ||
|
||
========== | ||
Bug Bounty | ||
========== | ||
|
||
The Open edX project does not offer bug bounties for security vulnerability disclosures. | ||
|
||
============ | ||
Out of Scope | ||
============ | ||
|
||
There are many sites powered by the Open edX platform. If you have found a vulnerability that is specific to an Open edX deployment please contact the operators of that site directly. |
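Review bot: In the third bullet under "Disclosing a Security Vulnerability", the sentence carries a leftover verb: "to respond quickly reproduce and understand the vulnerability and respond effectively". Suggest "to quickly reproduce and understand the vulnerability and respond effectively". The response paragraph also repeats itself ("Upon receipt of your email, ... will acknowledge the receipt of your email") and gives no time frame for that acknowledgement. Since the text says the group will not communicate status after triage, stating how soon a reporter can expect the acknowledgement would set expectations. In "Out of Scope", add a comma after "deployment" in "specific to an Open edX deployment please contact".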