gaspersic/freeCodeCamp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

docs: update guidelines for reporting security issues (#44541)

Browse Source
This commit is contained in:
Mrugesh Mohapatra
2021-12-21 22:11:53 +05:30
committed by GitHub
parent 9b806c4eec
commit 198150217a
4 changed files with 17 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
HoF.md
View File

@ -1,7 +0,0 @@
# Responsible Disclosure
We appreciate any responsible disclosure of vulnerabilities that might impact the integrity of our platforms and users. While we do not offer any bounties or swags at the moment, we are grateful to these awesome people for helping us keep the platform safe for everyone:
- Mehul Mohan from [codedamn](https://codedamn.com) ([@mehulmpt](https://twitter.com/mehulmpt)) - [Vulnerability Fix](https://github.com/freeCodeCamp/freeCodeCamp/blob/bb5a9e815313f1f7c91338e171bfe5acb8f3e346/client/src/components/Flash/index.js)
- Peter Samir https://www.linkedin.com/in/peter-samir/
> ### Thank you for your contributions :pray:

4
README.md
View File

@ -168,7 +168,7 @@ If you're confident it's a new bug and have confirmed that someone else is facin
If you think you have found a vulnerability, _please report responsibly_. Don't create GitHub issues for security issues. Instead, please send an email to `security@freecodecamp.org` and we'll look into it immediately. If you think you have found a vulnerability, _please report responsibly_. Don't create GitHub issues for security issues. Instead, please send an email to `security@freecodecamp.org` and we'll look into it immediately.
We appreciate any responsible disclosure of vulnerabilities that might impact the integrity of our platforms and users. While we do not offer any bounties or swags at the moment, we'll be happy to list your name in our [Hall of Fame](HoF.md) for security researchers. We appreciate any responsible disclosure of vulnerabilities that might impact the integrity of our platforms and users. While we do not offer any bounties or swags at the moment, we'll be happy to list your name in our [Hall of Fame](https://contribute.freecodecamp.org/#/security-hall-of-fame) for security researchers.
### Contributing ### Contributing
@ -178,7 +178,7 @@ The freeCodeCamp.org community is possible thanks to thousands of kind volunteer
### Platform, Build, and Deployment Status ### Platform, Build, and Deployment Status
The general platform status for all our applications is available at [`status.freecodecamp.org`](https://status.freecodecamp.org). The build and deployment status for the code is available in [our DevOps Guide](/docs/devops.md). The general platform status for all our applications is available at [`status.freecodecamp.org`](https://status.freecodecamp.org). The build and deployment status for the code is available in [our DevOps Guide](https://contribute.freecodecamp.org/#/devops).
### License ### License

12
docs/security-hall-of-fame.md Normal file
View File

@ -0,0 +1,12 @@
# Responsible Disclosure - Hall of Fame
We appreciate any responsible disclosure of vulnerabilities that might impact the integrity of our platforms and users.
While we do not offer any bounties or swags at the moment, we are grateful to these awesome people for helping us keep the platform safe for everyone:
- Mehul Mohan from [codedamn](https://codedamn.com) ([@mehulmpt](https://twitter.com/mehulmpt)) - [Vulnerability Fix](https://github.com/freeCodeCamp/freeCodeCamp/blob/bb5a9e815313f1f7c91338e171bfe5acb8f3e346/client/src/components/Flash/index.js)
- Peter Samir https://www.linkedin.com/in/peter-samir/
> ### Thank you for your contributions :pray:
If you are interested in contributing to the security of our platform, please read our [security policy outlined here](https://contribute.freecodecamp.org/#/security).

4
SECURITY.md → docs/security.md
View File

@ -14,6 +14,8 @@ This document outlines our security policy for the codebase, and how to report v
If you think you have found a vulnerability, _please report responsibly_. Don't create GitHub issues for security issues. Instead, please send an email to `security@freecodecamp.org` and we'll look into it immediately. If you think you have found a vulnerability, _please report responsibly_. Don't create GitHub issues for security issues. Instead, please send an email to `security@freecodecamp.org` and we'll look into it immediately.
We appreciate any responsible disclosure of vulnerabilities that might impact the integrity of our platforms and users. While we do not offer any bounties or swags at the moment, we'll be happy to list your name in our [Hall of Fame](HoF.md) list. We appreciate any responsible disclosure of vulnerabilities that might impact the integrity of our platforms and users.
While we do not offer any bounties or swags at the moment, we'll be happy to list your name in our [Hall of Fame](https://contribute.freecodecamp.org/#/security-hall-of-fame) list, provided the reports are not low-effort for example: using tools & online utilities to report SFP configurations, or SSL Server tests, etc. We consider those in the category of ["beg bounties"](https://www.troyhunt.com/beg-bounties/).
Ensure that you are using the **latest**, **stable** and **updated** version of the Operating System and Web Browser available to you on your machine. Ensure that you are using the **latest**, **stable** and **updated** version of the Operating System and Web Browser available to you on your machine.