Skip to content

Commit

Permalink
Create SECURITY.md (#4424)
Browse files Browse the repository at this point in the history 
Adds basic responsible disclosure instructions
  • Loading branch information
@lrettig
lrettig committed May 24, 2023
1 parent 679de17 commit 2a36d04
Showing 1 changed file with 72 additions and 0 deletions.
72 changes: 72 additions & 0 deletions SECURITY.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
## Spacemesh Security

We take security very seriously at Spacemesh. We welcome any peer review of our 100% open source code to ensure Spacemesh is never compromised or hacked.

### Where should I report security issues?

**Please do not file a public ticket** mentioning the vulnerability. In order to give the community time to respond and upgrade we strongly urge you report all security issues privately.

To find out how to disclose a vulnerability in Spacemesh email `[email protected]`. Please read the [disclosure page](https://github.com/spacemeshos/go-spacemesh/security/advisories?state=published) for more information about publicly disclosed security vulnerabilities.

Please use our vulnerability disclosure program at Hacker One (to be launched soon) to provide details and repro steps and we will respond ASAP. If you are unable to use Hacker One, email us directly at `[email protected]` with details and repro steps. Security issues *always* take precedence over bug fixes and feature work. We can and do mark releases as "urgent" if they contain serious security fixes.

**Please note:** Due to a significant number of low quality security reports sent via email, we are unlikely to act on security reports sent to us via email unless they come from a trusted source, and include details on the vulnerability and step by step instructions to reproduce it. Theoretical reports without a proof of concept are not accepted. We strongly recommend you follow the Hacker One submission protocols.

The following key may be used to communicate sensitive information to developers.

Fingerprint: `704F 25DE 6832 C97A 6355 3C1D 1D63 2B17 391D CD2E`

```
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGRuc+EBEACrE9vBrwnsEtgBCiv5GME/N5iK9elG8EoFXQifidwyKzDwwAB+
3JgmIiDJ96/W3e3vpRoJjrPzjfC0YiV0KHymZ4IGDpPxF0xzhCDcjR+tcFxE6SNM
UWBxzhGqKfCAG/VTOhZiLTxCtt+L7wRfwCOXtaZ3XBIoGm3dPguQvvdj3P95evUo
LaRx9Vw+gJ8J7zm+e+BHcduGhfkNAB4wExjM0D7oq30lk99VJ/pkxW4t74hYL88n
F/3hyzC1TvFGGNmtOC/jluO1/B5P0IJSlegA/KOw8LmpBdJRiB16W2fNeHz3tSSA
D3oImTmBZxFuSi/gcilI6Sps7/BewQHpT9SG16+jgoi7JI82us0vXIdZowz4zb9D
L/xMTI3prTqWWQsU8qJSQg42rCXK6KiyQjblKIS3BDGvEm+2hM81mo90XkLs9D0d
ugKYBijiMUQaBdinWpDy2mGPDQXPM+mzbTmHaE/e71jImEpQ/F+njxt8C+Iz//sg
+Kqf4XjZ54HQSE1C49Gd9udtwz2xZ7SRZ6opCbt0dy7fp4ZgxkDx72oW0pXY4xkU
VmyYeKE1DSihi4iSeA47aNm7fsG8mRX7Bdr5dvWs1SGallK3ymC7iu96jeg+PNN7
qJEOKqKMAaQ2nnDFb42sIopav80ToaY/TI0pSGCWrKZXbVDa8D7byI4/aQARAQAB
tERTcGFjZW1lc2ggU2VjdXJpdHkgKFJlc3BvbnNpYmxlIGRpc2Nsb3N1cmVzKSA8
c2VjdXJpdHlAc3BhY2VtZXNoLmlvPokCVAQTAQoAPhYhBHBPJd5oMsl6Y1U8HR1j
Kxc5Hc0uBQJkbnPhAhsDBQkJZgGABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ
EB1jKxc5Hc0uw2MP/2HRVE0XNPopo+HRxrRuUDYRVMygA5FjnFBaw3Qcr4BNX2Qq
VOMjA13sHGKVha/on85SNwRIkXt0piVVbE5aBc0JSdRv5Gl1jmOgIQrLd97UQjry
T9Z7mUXFmAfEXThDjsjZ0pUUOjKZ+fIHTGg8f4O8yOgZamSAAHd+lu3SiG54FWp/
dohPEfxOyX7vHD+ARqhaIktG8tHhzf7+bL5z3n49ur8VYnfO2WZWIn3O0GOPjmd4
AHQ9WcLdLVrN8872prLN0iMUDzGx9P3rY6xoRR42797cmLyoRDO0ftCpZAc6TJMd
te6VBiS4e+KTwqZ2hQHFdKoArOAsUh1cw9uzKj8IY3oLfELSSejWAaWYL9qCbzwZ
eK8HJZwVZyrjh98eADKCkNT8/FNYkvC/vbc5IkTXAjp0ei3ZF+ggl73EU1iCrcn7
K2NLAU4aSdNx4M5Bb2VivkxNp70oVI0x61wWLZ1ix8J/Xvvq5NuoR9hUWS2S5Xl7
ViFGsjJD1sqerfe/kQaEFqqCsXXjbTZKYg74uO06Y9SVVNprZtoRQ5Y9jGoFiYxQ
VNGzjcAdYY9NEeEJnl+/l3+zmT9AqaMQRljMHfVRD02r9l9MeXeqJyvtBCZpQkxx
dsCEOdRkw5YWc9HMzqJZxDCd0TeW+KFJyM3JGlexBFZ5AYUmPXQgJtsqzGJzuQIN
BGRuc+EBEAC6isgRPSsoqen/EWBPUC0uAxI48XgPqeho9puUn+LUHK1fjVuj+FQG
0wEw87oDhPDXul+P4XUyQhaywlIUIpJ6oPmkBihHLFcAX8m7XK0VUy7OqBqdtuMO
7OW5uHAOYWAbUhRyymzV+FZX9f+QsrQI9CJ3icTqvi6ugnyB4g1FTQJ9np6hHTje
47/HJHW98EMFt5OWRVrwV3TDJLCv25jpUss5dDq55t5UZI8dGYQB+xmL6zj5xxHY
f6s/aICxpxucuGOqpoOPSkjAJju4nRm24Y+vl7vLJh5gMBJiEiPywdCh7idXHxQ1
k8uy+sPoyUW1GUhiP5Kxk81CP+6HByJTLqVjURTM11n2idPfF9JXjddSe7FNkjy9
WbHKftZ2cT0wW95zakdJjcz1TCcX8goa83PLSOWRBtpU2FH/6oAMqt/MtvqvVlME
7Vt3Pb1WdACmQKy/jJ897qxO+xH9zi/DgDEupcDj47LOeYP0lwzlAy/Xnz9vdgp/
/m8zJ+/spm9JspFgIorjprTDwJj8/GwlQ/fBGNqBME54BHOYM6Q+CmHGiG8mB4kO
+XCbC9UPayY6ZBI6P2C3gSC0BHewXeePzCuiUsb7ZsX1JkIM46ZRMJLIfi0hQ881
xaK/S+MVU/UGldk2YO8VP7NiAplsNS79flw9biwqfocTn2Z1IHqPwQARAQABiQI8
BBgBCgAmFiEEcE8l3mgyyXpjVTwdHWMrFzkdzS4FAmRuc+ECGwwFCQlmAYAACgkQ
HWMrFzkdzS7zzQ/+LkfDEjhXZCZKo9zK9rp9VmugsAo3CoDg34jJxVT15Q5EJvav
vXlmRCJ5OE9s5hB5hyZoBX8cIJbOQ9mVQ6hsaOcpc/HMYv2kJYMG0F7GGTdyC1c7
sSN4C9Xi03fDalOESJnxVM0Yw5vYlJCRGhyz8731PQwjdBQofAbIoIBIXz4B0qgV
+6SNrRDbbjYSAJu/SXBBfIX8kurhNrpWsfc+pePFPMZ0/+VRwR/beDe9g4+YZ+JE
7gyUdu1Z+v8sktHx+0nGvLwfA1TafaOmVlOPQWC5dq3jRuQbGZmP4mvIxYhF2IDg
sozr85HtzVoNmjdj1bERmLmAYrLZel2A5nSEYX07UoMm4CMwnNugSziWuwu8uHzh
Ij1RmTA0Z6z40hTsgHHVHK0RB0XaOKrnO6E8ErCtjWwueNvWu4G6cqOn73xcdoCR
4KMaxYA5Obr4CU8az5Efnq27zsI0hbTVVLlU4tlxykh9LLdccySRQHTBKXLTESeu
SYZw1j7u6vn6JJU9/kllTKDmGI/T9UeM5oYa6y3FgfMnU+dgxjr8C3g/OxZBaAM8
DgC8kS5nBAqyWuPbmvaPSOILu00rLCTzr1NP8eac3TyGFLAsSL0U5QKJq86GF9un
GJu5VmGutR6cmFvnsmwR/BeXISUH2308kuxBgPfNUPyhWQMRNUhqAbLEujM=
=Pi0W
-----END PGP PUBLIC KEY BLOCK-----
```

0 comments on commit 2a36d04

Please sign in to comment.