Commit

chore(docs): add SECURITY.md for vulnerability reporting and guidelines (#133)
windmgc authored Jan 20, 2025
1 parent 2e622c0 commit 7afbc2c
Showing 1 changed file with 32 additions and 0 deletions.
32 changes: 32 additions & 0 deletions SECURITY.md
@@ -0,0 +1,32 @@
# Security Policy

## Reporting a Vulnerability

At lua-resty-aws, we take security issues very seriously. If you believe you have found a security vulnerability in our project, we encourage you to disclose it responsibly. Please report any potential security vulnerabilities to us by sending an email to [[email protected]](mailto:[email protected]).

## How to Report

1. **Do not publicly disclose the vulnerability**: Please do not create a GitHub issue or post the vulnerability on public forums. Instead, contact us directly at [[email protected]](mailto:[email protected]).
1. **Provide detailed information**: When reporting a vulnerability, please include as much information as possible to help us understand and reproduce the issue. This may include:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Any relevant logs or screenshots

## What to Expect

- **Acknowledgment**: We will acknowledge receipt of your vulnerability report within 48 hours.
- **Investigation**: Our security team will investigate the report and will keep you informed of the progress. We aim to resolve critical vulnerabilities within 30 days of confirmation.
- **Disclosure**: We prefer coordinated disclosure and will work with you to schedule the disclosure of the vulnerability in a way that minimizes the risk to users.

## Bug Bounty Program

We encourage security researchers to participate in our bug bounty program as outlined on the [Kong Vulnerability Disclosure](https://konghq.com/compliance/bug-bounty) page. This program provides rewards for discovering and reporting security vulnerabilities in accordance with our disclosure guidelines.

Thank you for helping to keep lua-resty-aws secure.

For more information on our security policies and guidelines, please visit the [Kong Vulnerability Disclosure](https://konghq.com/compliance/bug-bounty) page.

## Contact

For any questions or further assistance, please contact us at [[email protected]](mailto:[email protected]).
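
Review bot: The "How to Report" list asks reporters to send reproduction steps, logs and screenshots by email, but the policy names no encrypted or access-controlled channel for that material; consider publishing a PGP key for the security address or pointing to GitHub's private vulnerability reporting as an alternative. In "What to Expect", the 30-day target covers only critical vulnerabilities, so a line on how lower severities are handled and which released versions receive fixes would tell reporters what to plan for. The "Bug Bounty Program" section links the same Kong Vulnerability Disclosure page twice, once in its opening paragraph and again in the "For more information" paragraph; the second can be dropped, and it would help to state whether lua-resty-aws is in scope for that program.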
