mirror of
https://github.com/twentyhq/twenty.git
synced 2024-12-22 11:31:39 +03:00
7192457d0a
Add a security policy and email address to the repo
32 lines
1.8 KiB
Markdown
32 lines
1.8 KiB
Markdown
# Security Policy
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
We strongly encourage reporting any potential vulnerabilities.
|
|
|
|
If you suspect a vulnerability, please take the following steps:
|
|
- Contact us immediately at `security at twenty.com`.
|
|
- Include a comprehensive description of the potential vulnerability and steps to reproduce the issue, if possible. The more information you can provide, the quicker we can address the problem.
|
|
|
|
Our commitment is to respond to your initial report within one business day.
|
|
While we're addressing the issue, we kindly request you to maintain confidentiality about the vulnerability to ensure the security of all users.
|
|
Please refrain from exploiting the vulnerability or revealing the problem to others.
|
|
|
|
While we don't currently have a formal bug bounty program due to the project's nascent stage, we can assure you that:
|
|
|
|
- Your report will be responded to within one business day.
|
|
- Your report and all accompanying data will be handled with utmost confidentiality.
|
|
- We greatly appreciate your contribution and would be happy to acknowledge your role in the vulnerability fix, should you choose to be identified.
|
|
- We will grant you permission to publicly discuss your findings after the patch has been released and a reasonable time has passed for users to implement it.
|
|
- We (obviously) guarantee that we will not pursue any legal action as long as the vulnerability is not exploited.
|
|
|
|
## Security Features
|
|
We are always looking for ways to improve our product's security.
|
|
If you have any recommendations or feature request that could enhance the product's security, we invite you to share them with us via the dicsussion forum.
|
|
|
|
⚠️ Note this does not apply to security vulnerabilities. If you're in doubt, then always follow the security vulnerability process
|
|
|
|
|
|
|
|
|