0ct0pu5/anonaddy
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
anonaddy/SECURITY.md
Will Browning c98e636f54 Updated config
2023-10-05 10:47:16 +01:00

45 lines
No EOL
2 KiB
Markdown
Raw Permalink Blame History

If you believe you've found a security issue in the addy.io product or service, I encourage you to
notify me. I welcome working with you to resolve the issue promptly. Thanks in advance!
# Disclosure Policy
- Let me know as soon as possible upon discovery of a potential security issue, and I'll make every
effort to quickly resolve the issue.
- Provide me with a reasonable amount of time to resolve the issue before any disclosure to the public or a
third-party. I may publicly disclose the issue before resolving it, if appropriate.
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or
degradation of the service. Only interact with accounts you own or with explicit permission of the
account holder.
- If you would like to encrypt your report, please use the PGP key with fingerprint
`E652C2DB43859328F35575DEBF7B93C6497510D0` (available on the openpgp.org keyserver).
# Reporting a Vulnerability
To report a vulnerability please send an email to contact (at) help.addy.io, you can use the PGP key above if you wish to encrypt it.
# In-scope
- Security issues in any current release of addy.io. This includes the web application, browser extension,
and landing page. Source code is available at https://github.com/anonaddy.
# Exclusions
The following bug classes are out-of scope:
- Bugs that are already reported on any of addy.io's issue trackers (https://github.com/anonaddy),
or that I already know of.
- Attacks requiring physical access to a user's device.
- Self-XSS
- Issues related to software or protocols not under addy.io's control
- Vulnerabilities in outdated versions of addy.io
- Missing security best practices that do not directly lead to a vulnerability
- Issues that do not have any impact on the general public
While researching, I'd like to ask you to refrain from:
- Denial of service
- Spamming
- Social engineering (including phishing) of addy.io emails
- Any physical attempts against addy.io property or data centers
Thank you for helping keep addy.io and its users safe!
Reference in a new issue View git blame Copy permalink