
Commit 262a7ab

chore(docs): add SECURITY.md for vulnerability reporting and guidelines
1 parent 2e622c0 commit 262a7ab

1 file changed

+32
-0
lines changed

SECURITY.md

@@ -0,0 +1,32 @@
1+
# Security Policy
2+
3+
## Reporting a Vulnerability
4+
5+
At lua-resty-aws, we take security issues very seriously. If you believe you have found a security vulnerability in our project, we encourage you to disclose it responsibly. Please report any potential security vulnerabilities to us by sending an email to [vulnerability@konghq.com](mailto:vulnerability@konghq.com).
6+
7+
## How to Report
8+
9+
1. **Do not publicly disclose the vulnerability**: Please do not create a GitHub issue or post the vulnerability on public forums. Instead, contact us directly at [vulnerability@konghq.com](mailto:vulnerability@konghq.com).
10+
1. **Provide detailed information**: When reporting a vulnerability, please include as much information as possible to help us understand and reproduce the issue. This may include:
11+
- Description of the vulnerability
12+
- Steps to reproduce the issue
13+
- Potential impact
14+
- Any relevant logs or screenshots
15+
16+
## What to Expect
17+
18+
- **Acknowledgment**: We will acknowledge receipt of your vulnerability report within 48 hours.
19+
- **Investigation**: Our security team will investigate the report and will keep you informed of the progress. We aim to resolve critical vulnerabilities within 30 days of confirmation.
20+
- **Disclosure**: We prefer coordinated disclosure and will work with you to schedule the disclosure of the vulnerability in a way that minimizes the risk to users.
21+
22+
## Bug Bounty Program
23+
24+
We encourage security researchers to participate in our bug bounty program as outlined on the [Kong Vulnerability Disclosure](https://konghq.com/compliance/bug-bounty) page. This program provides rewards for discovering and reporting security vulnerabilities in accordance with our disclosure guidelines.
25+
26+
Thank you for helping to keep lua-resty-aws secure.
27+
28+
For more information on our security policies and guidelines, please visit the [Kong Vulnerability Disclosure](https://konghq.com/compliance/bug-bounty) page.
29+
30+
## Contact
31+
32+
For any questions or further assistance, please contact us at [vulnerability@konghq.com](mailto:vulnerability@konghq.com).
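
Review bot: The reporting instructions (new lines 5 to 14) ask for reproduction steps, impact and logs to be sent by plain email to vulnerability@konghq.com, but the file gives reporters no way to encrypt that material; consider publishing a PGP key or linking to one, or naming an alternative private channel. The policy also does not say which lua-resty-aws versions receive security fixes, so a reporter cannot tell whether an issue in an older release is in scope; a short supported-versions section would close that gap. The 30-day target on line 19 covers only critical vulnerabilities, and it would help to state what reporters should expect for lower severities. Style: lines 24 and 28 link the same URL under the same "Kong Vulnerability Disclosure" label, and the thank-you and "For more information" lines sit under the "Bug Bounty Program" heading; drop line 28 or move both closing lines under "Contact".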
