[docs] add SECURITY.md
This commit is contained in:
Maddison Hellstrom
Maddison Hellstrom
parent
4df25389aa
commit
8f95a4c424
|
|
@ -0,0 +1,20 @@
|
||||||
|
# Security Policy
|
||||||
|
|
||||||
|
## Reporting a Vulnerability
|
||||||
|
|
||||||
|
To report a low-risk security vulnerability, please [open an issue](https://github.com/b0o/surfingkeys-conf/issues/new).
|
||||||
|
|
||||||
|
To report a medium- to high-risk vulnerability, please email me at `maddy -at- na dot ai`.
|
||||||
|
|
||||||
|
Low-risk is loosely defined as a vulnerability that may cause annoyance to the user.
|
||||||
|
|
||||||
|
Medium-risk is loosely defined as a vulnerability that may:
|
||||||
|
- be used to cause a denial of service to the user, their network, or other networks
|
||||||
|
- require an attacker to have physical access to the user's device
|
||||||
|
|
||||||
|
High-risk is loosely defined as a vulnerability that may be exploited by a remote attacker to:
|
||||||
|
- run arbitrary code on the user's browser or device
|
||||||
|
- exfiltrate private data from the user's browser or device
|
||||||
|
- cause data loss or damage to the user's browser or device
|
||||||
|
|
||||||
|
These are general guidelines; please use your best intuition to decide how to responsibly disclose any security issue.
|
||||||
Loading…
Reference in New Issue