mirror of
https://github.com/ChristianLight/tutor.git
synced 2025-01-09 00:21:11 +00:00
431ddc97fb
* docs: Create SECURITY.md
1018 B
1018 B
Tutor Ethical Vulnerability Disclosure Policy
Reporting a Vulnerability
To ensure the health of the codebase and the larger Open edX and Tutor communities, please do not create GitHub issues for a security vulnerability. Report any security vulnerabilities or concerns by sending an email to security.tutor@edly.io. To ensure a timely triage and fix of the security issue, include as many details you can when reporting the vulnerability. Some pieces of information to consider:
- The nature of the vulnerability, e.g.
- Authentication and Authorization
- Data Integrity and Confidentiality
- Security Configurations
- Third-party dependencies
- The impact of the security risk
- A detailed description of the steps necessary to reproduce the issue
- The links to the vulnerable code
- The links to third-party libraries/packages if the vulnerability is present in such a dependency.
Bug Bounty
Edly/Tutor does not offer a bug bounty for reported vulnerabilities.