docs: update-rewards-for-disclosures.

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/10770
Co-authored-by: Rob Dominguez <24390149+robertjdominguez@users.noreply.github.com>
GitOrigin-RevId: 73d7ff33ca66d3e57b391acbd0d506784249f354
This commit is contained in:
Dhruvil Joshi 2024-04-09 18:25:27 -04:00 committed by hasura-bot
parent adbc6b53d9
commit 89db601cfd
2 changed files with 19 additions and 7 deletions

View File

@ -28,14 +28,22 @@ emails about security announcements.
Were extremely grateful for security researchers and users who report vulnerabilities to the Hasura community. All
reports are thoroughly investigated by the Hasura team.
To report a security issue, please email us at <security@hasura.io> with details, if possible attaching relevant
information. The more details we have, the quicker will we be able to fix potential vulnerabilities.
To report a security issue, please email us at <security@hasura.io> with the vulnerability details, and attach the
relevant information including screenshots/videos. The more details we have, the quicker will we be able to fix any
potential vulnerabilities.
We do not currently have a bug bounty program, however, for valid high and critical severity issues we may, at our
discretion, choose to award a bounty. Please see our guidance at the bottom of the page for types of vulnerabilities
which are in and out of scope. Do not use social engineering and make a good faith effort to avoid privacy violations,
destruction of data, and interruption or degradation of our service. If you should accidentally do any of these things,
stop immediately and report the issue.
Hasura does not provide monetary reward for vulnerability disclosures however, at our sole discretion, we may make
exceptions to this policy for exceptional contributions.
You may be eligible for a reward if it requires a severe code/configuration change from our side. The rewards can be
both monetary or swag.
Please reference our guidance at the bottom of the page for the types of vulnerabilities that are in and out-of-scope.
Do not use social engineering techniques and make a good faith effort to avoid any privacy violations, destruction of
data, and interruption or degradation of our service.
If you should accidentally do any of these things, please stop immediately and report the issue.
### When should I report a vulnerability?

4
yarn.lock Normal file
View File

@ -0,0 +1,4 @@
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1