0ct0pu5/anonaddy
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
anonaddy/SECURITY.md
Will Browning fa44ace9cf Added security.md
2019-11-26 17:27:40 +00:00

45 lines
No EOL
2 KiB
Markdown
Raw Permalink Blame History

If you believe you've found a security issue in the AnonAddy product or service, I encourage you to
notify me. I welcome working with you to resolve the issue promptly. Thanks in advance!
# Disclosure Policy
- Let me know as soon as possible upon discovery of a potential security issue, and I'll make every
effort to quickly resolve the issue.
- Provide me with a reasonable amount of time to resolve the issue before any disclosure to the public or a
third-party. I may publicly disclose the issue before resolving it, if appropriate.
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or
degradation of the service. Only interact with accounts you own or with explicit permission of the
account holder.
- If you would like to encrypt your report, please use the PGP key with fingerprint
`5FCAFD8A67D2A783CFF4D0E31AC6D923E6FB4EF7` (available on the openpgp.org keyserver).
# Reporting a Vulnerability
To report a vulnerability please send an email to contact@anonaddy.com, you can use the PGP key above if you wish to encrypt it.
# In-scope
- Security issues in any current release of AnonAddy. This includes the web application, browser extension,
and landing page. Source code is available at https://github.com/anonaddy.
# Exclusions
The following bug classes are out-of scope:
- Bugs that are already reported on any of AnonAddy's issue trackers (https://github.com/anonaddy),
or that I already know of.
- Attacks requiring physical access to a user's device.
- Self-XSS
- Issues related to software or protocols not under AnonAddy's control
- Vulnerabilities in outdated versions of AnonAddy
- Missing security best practices that do not directly lead to a vulnerability
- Issues that do not have any impact on the general public
While researching, I'd like to ask you to refrain from:
- Denial of service
- Spamming
- Social engineering (including phishing) of AnonAddy emails
- Any physical attempts against AnonAddy property or data centers
Thank you for helping keep AnonAddy and its users safe!
Reference in a new issue View git blame Copy permalink