swift-server/RediStack
1
0
Fork 0
mirror of https://github.com/swift-server/RediStack.git synced 2026-05-03 07:32:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
RediStack/SECURITY.md
T
Nathan Harris 2cc63ec8f2 [Docs] Add security policy
2021-06-01 14:05:30 -07:00

1.8 KiB
Raw Permalink Blame History

Security Policy

Security is the top priority for this library and any report will be treated as urgent.

After sending a report, you should expect a response within 7 calendar days. If you have not, please file a secondary report with the SSWG using sswg-security-reports@forums.swift.org.

Once a report has been received, and determined to be a valid issue, a fix should be released no later than 14 calendar days from the date it was determined as valid.

After a fix has been implemented, a CVE request will be filed with GitLab and issued according to GitLab's CVE policies.

Once the fix has been released, the original report may become public.

Reporting Issues

If you have discovered a vulnerability in the project, please send your report directly to support@redistack.info

Please prefix your subject line with [SECURITY]

These reports are immediately filed as confidential and only you and those with report access will see any conversation from your initial report.

Example:

To: support@redistack.info
From: reporter@email.com
Subject: [SECURITY] DDOS Potential with PubSub
Body:
The current way that PubSub is implemented leaves the opportunity for a bad actor to cause a denial-of-service by...

For tips on writing your vulnerability reports, refer to How to Write a Better Vulnerability Report, by Vickie Li

Report Access

All project members, which includes SSWG representatives, are able to view confidential issues reported by following this security policy.

Reference in New Issue View Git Blame Copy Permalink