Skip to content

Latest commit

 

History

History
21 lines (11 loc) · 1.6 KB

SECURITY.md

File metadata and controls

21 lines (11 loc) · 1.6 KB

CyberDrain Logo

Security Policy

Supported Versions

Any build that is upped to a release is a supported version and should not have any security bugs. Feel free to report for any of the current releases. If you find an issue in an older release that is already removed feel free to also report this in case of regression, I'd rather know we made a mistake at one point in time and avoid that for the future.

Reporting a Vulnerability

Reporting a vunerability is best done via our Security page. This way all contributors are alerted and we can discuss the issue in private. it'll help in making the fix available as soon as possible without endangering other users of the product.

We will pubicly release any security report after resolution, including all communications, if you'd rather have only the bug report public, please let us know in the report.

Notifications and security advisories

We report any security notification via the Github notication and advisory system. Sponsors that are hosted will also receive a notification in case a major bug has been found.

Bounties and Rewards

This project is an open source sponsorware effort, which makes it hard to create a monetary reward without breaking the bank very quickly. for critical level bugs, that cause RCE/API data leaks/etc I will award a 50 dollar reward. For other bugs, I potentially am able to reward with some swag such as an official CyberDrain T-shirt or hoodie :)