mirror of
https://github.com/ChristianLight/tutor.git
synced 2025-01-09 08:30:18 +00:00
20 lines
1018 B
Markdown
20 lines
1018 B
Markdown
|
# Tutor Ethical Vulnerability Disclosure Policy
|
||
|
|
|
||
|
|
|
||
|
|
## Reporting a Vulnerability
|
||
|
|
|
||
|
|
To ensure the health of the codebase and the larger Open edX and Tutor communities, please do not create GitHub issues for a security vulnerability. Report any security vulnerabilities or concerns by sending an email to [security.tutor@edly.io](mailto:security.tutor@edly.io). To ensure a timely triage and fix of the security issue, include as many details you can when reporting the vulnerability. Some pieces of information to consider:
|
||
|
|
|
||
|
|
* The nature of the vulnerability, e.g.
|
||
|
|
* Authentication and Authorization
|
||
|
|
* Data Integrity and Confidentiality
|
||
|
|
* Security Configurations
|
||
|
|
* Third-party dependencies
|
||
|
|
* The impact of the security risk
|
||
|
|
* A detailed description of the steps necessary to reproduce the issue
|
||
|
|
* The links to the vulnerable code
|
||
|
|
* The links to third-party libraries/packages if the vulnerability is present in such a dependency.
|
||
|
|
|
||
|
|
## Bug Bounty
|
||
|
|
Edly/Tutor does not offer a bug bounty for reported vulnerabilities.
|