Merge remote-tracking branch 'origin/master' into nightly

2025-01-10 00:37:54 +00:00 · 2024-03-29 11:09:22 +00:00 · 2024-03-29 11:09:22 +00:00 · afde4d94e9
commit afde4d94e9
parent 0ff65264a8 431ddc97fb
1 changed files with 19 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,19 @@
+# Tutor Ethical Vulnerability Disclosure Policy
+
+
+## Reporting a Vulnerability
+
+To ensure the health of the codebase and the larger Open edX and Tutor communities, please do not create GitHub issues for a security vulnerability. Report any security vulnerabilities or concerns by sending an email to [security.tutor@edly.io](mailto:security.tutor@edly.io). To ensure a timely triage and fix of the security issue, include as many details you can when reporting the vulnerability. Some pieces of information to consider:
+
+* The nature of the vulnerability, e.g.
+  * Authentication and Authorization
+  * Data Integrity and Confidentiality
+  * Security Configurations
+  * Third-party dependencies
+* The impact of the security risk
+* A detailed description of the steps necessary to reproduce the issue
+* The links to the vulnerable code
+* The links to third-party libraries/packages if the vulnerability is present in such a dependency.
+
+## Bug Bounty
+Edly/Tutor does not offer a bug bounty for reported vulnerabilities.