docs: update guidelines for reporting security issues (#44541)

Mrugesh Mohapatra
2021-12-21 22:11:53 +05:30
committed by GitHub
parent 9b806c4eec
commit 198150217a
4 changed files with 17 additions and 10 deletions


@ -0,0 +1,12 @@
# Responsible Disclosure - Hall of Fame
We appreciate any responsible disclosure of vulnerabilities that might impact the integrity of our platforms and users.
While we do not offer any bounties or swags at the moment, we are grateful to these awesome people for helping us keep the platform safe for everyone:
- Mehul Mohan from [codedamn](https://codedamn.com) ([@mehulmpt](https://twitter.com/mehulmpt)) - [Vulnerability Fix](https://github.com/freeCodeCamp/freeCodeCamp/blob/bb5a9e815313f1f7c91338e171bfe5acb8f3e346/client/src/components/Flash/index.js)
- Peter Samir https://www.linkedin.com/in/peter-samir/
> ### Thank you for your contributions :pray:
If you are interested in contributing to the security of our platform, please read our [security policy outlined here](https://contribute.freecodecamp.org/#/security).
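Review bot: the two Hall of Fame entries are formatted differently; the first is a markdown link with a Twitter handle and a link to the fix, while the second is a bare LinkedIn URL pasted after the name. Format the second the same way, e.g. `- Peter Samir ([LinkedIn](https://www.linkedin.com/in/peter-samir/))`, so the list renders consistently and later entries have one pattern to follow. The `> ### Thank you for your contributions :pray:` line also nests a heading inside a blockquote, which renders oddly in most markdown viewers; a plain heading or a plain sentence would be cleaner.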

docs/security.md Normal file

@ -0,0 +1,21 @@
# Security Policy
This document outlines our security policy for the codebase, and how to report vulnerabilities.
## Versions
| Version | Branch | Supported | Website active |
| ----------- | -------------- | ------------------ | ---------------- |
| production | `prod-current` | :white_check_mark: | freecodecamp.org |
| beta | `prod-staging` | :white_check_mark: | freecodecamp.dev |
| development | `main` | | |
## Reporting a Vulnerability
If you think you have found a vulnerability, _please report responsibly_. Don't create GitHub issues for security issues. Instead, please send an email to `security@freecodecamp.org` and we'll look into it immediately.
We appreciate any responsible disclosure of vulnerabilities that might impact the integrity of our platforms and users.
While we do not offer any bounties or swags at the moment, we'll be happy to list your name in our [Hall of Fame](https://contribute.freecodecamp.org/#/security-hall-of-fame) list, provided the reports are not low-effort for example: using tools & online utilities to report SFP configurations, or SSL Server tests, etc. We consider those in the category of ["beg bounties"](https://www.troyhunt.com/beg-bounties/).
Ensure that you are using the **latest**, **stable** and **updated** version of the Operating System and Web Browser available to you on your machine.
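Review bot: `SFP configurations` in the beg-bounty sentence should read `SPF configurations` (Sender Policy Framework, the DNS mail-authorization record that automated scanners flag); as written, the example is confusing to the very reporters it is meant to deter. Two smaller points in the same hunk: the `development` row of the Versions table leaves the Supported and Website cells blank instead of saying that `main` is not supported (an explicit :x: avoids readers taking the blank for an omission), and the Reporting section gives only an email address, with no public key for encrypting reports and no acknowledgement or disclosure timeline, both of which reporters will ask for. The closing sentence about running the latest OS and browser also arrives without a heading or lead-in saying what it applies to (reporters, users, or both).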