mirror of
https://github.com/hasura/graphql-engine.git
synced 2024-12-04 08:32:49 +03:00
docs: update-rewards-for-disclosures.
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/10770 Co-authored-by: Rob Dominguez <24390149+robertjdominguez@users.noreply.github.com> GitOrigin-RevId: 73d7ff33ca66d3e57b391acbd0d506784249f354
This commit is contained in:
parent
adbc6b53d9
commit
89db601cfd
@ -28,14 +28,22 @@ emails about security announcements.
|
||||
We’re extremely grateful for security researchers and users who report vulnerabilities to the Hasura community. All
|
||||
reports are thoroughly investigated by the Hasura team.
|
||||
|
||||
To report a security issue, please email us at <security@hasura.io> with details, if possible attaching relevant
|
||||
information. The more details we have, the quicker will we be able to fix potential vulnerabilities.
|
||||
To report a security issue, please email us at <security@hasura.io> with the vulnerability details, and attach the
|
||||
relevant information including screenshots/videos. The more details we have, the quicker will we be able to fix any
|
||||
potential vulnerabilities.
|
||||
|
||||
We do not currently have a bug bounty program, however, for valid high and critical severity issues we may, at our
|
||||
discretion, choose to award a bounty. Please see our guidance at the bottom of the page for types of vulnerabilities
|
||||
which are in and out of scope. Do not use social engineering and make a good faith effort to avoid privacy violations,
|
||||
destruction of data, and interruption or degradation of our service. If you should accidentally do any of these things,
|
||||
stop immediately and report the issue.
|
||||
Hasura does not provide monetary reward for vulnerability disclosures however, at our sole discretion, we may make
|
||||
exceptions to this policy for exceptional contributions.
|
||||
|
||||
You may be eligible for a reward if it requires a severe code/configuration change from our side. The rewards can be
|
||||
both monetary or swag.
|
||||
|
||||
Please reference our guidance at the bottom of the page for the types of vulnerabilities that are in and out-of-scope.
|
||||
|
||||
Do not use social engineering techniques and make a good faith effort to avoid any privacy violations, destruction of
|
||||
data, and interruption or degradation of our service.
|
||||
|
||||
If you should accidentally do any of these things, please stop immediately and report the issue.
|
||||
|
||||
### When should I report a vulnerability?
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user