Skip to content

Security: AndrewSisley/defradb

Security

SECURITY.md

Democratized Data (D2) Foundation Security Disclosure Policy

We value the work of well-intentioned security researchers in identifying security vulnerabilities. We adhere to the practice of responsible disclosure to protect users from the impact of security issues. This policy outlines our commitment to addressing security incidents and our expectations for responsible disclosure.

Commitments

  1. We respond to security incidents and address vulnerabilities.
  2. We collaborate to establish a disclosure time frame for the reported vulnerability. During this time, we will either develop a fix or accept the risk, followed by disclosing the vulnerability.
  3. We are transparent, ensuring our community remains informed about incidents affecting them.

Responsible Disclosure Process

If you have discovered a security vulnerability in our technologies, please disclose it responsibly by contacting us at [email protected]. We kindly ask that you refrain from discussing potential vulnerabilities in public without our prior validation.

Upon receiving a report, our security team will:

  1. Review the report, verify the vulnerability, and respond with confirmation or requests for additional information. Our typical response time is within 24 hours.
  2. Once the reported security bug has been addressed, we will notify the researcher, who may optionally disclose the vulnerability publicly.

We currently do not offer bug bounties. The Democratized Data (D2) Foundation or organizations using our technologies may choose to provide such rewards in the future. We maintain a Hall of Fame to acknowledge those responsibly disclosing security issues.

There aren’t any published security advisories