Skip to content

Commit

Permalink
fix: Update bug bounty program handler, domains and response times (#399
Browse files Browse the repository at this point in the history
)
  • Loading branch information
bcodesido authored Apr 3, 2024
1 parent ae45dca commit b97de2d
Showing 1 changed file with 7 additions and 7 deletions.
14 changes: 7 additions & 7 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -1,31 +1,31 @@
# RSK's Security Process
# Token Bridge's Security Process

We're committed to conduct our security process in a professional and civil manner. Public shaming, under-reporting or misrepresentation of vulnerabilities will not be tolerated.

## Responsible Disclosure

For all security related issues, RSK has to main points of contact. Reach us at <security@iovlabs.org> or refer to our [Bug Bounty Program.](https://www.rsk.co/bounty-program/) **Do not open up a GitHub issue if the bug is a security vulnerability.**
For all security related issues, Token Bridge has to main points of contact. Reach us at <security@rootstocklabs.com> or refer to our [Bug Bounty Program.](https://www.rootstocklabs.com/bug-bounty-program/) **Do not open up a GitHub issue if the bug is a security vulnerability.**

**Ensure the bug was not already reported** by searching on Github under [Issues](https://github.com/rsksmart/tokenbridge/issues).

## Vulnerability Handling

### Response Time

RSK will make a best effort to meet the following response times for reported vulnerabilities:
RootstockLabs will make a best effort to meet the following response times for reported vulnerabilities:

* Time to first response (from report submit) - 24 hours
* Time to triage (from report submit) - 2 business days
* Time to first response (from report submit) - 5 business days
* Time to triage (from report submit) - 7 business days
* Time to bounty (from triage) - 15 business days

We’ll try to keep you informed about our progress throughout the process.

### Disclouse Policy

* Follow HackerOne's [disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).
* Public disclosure of a vulnerability makes it ineligible for a bounty. If the user reports the vulnerability to other security teams (e.g. Ethereum or ETC) but reports to RSK with considerable delay, then RSK may reduce or cancel the bounty.
* Public disclosure of a vulnerability makes it ineligible for a bounty.

For more information check RSK bounty program policy at [HackerOne](https://hackerone.com/iovlabs)
For more information check RootstockLabs bounty program policy at [HackerOne](https://hackerone.com/rootstocklabs)

## Public Keys

Expand Down

0 comments on commit b97de2d

Please sign in to comment.