diff options
| author |   Yury German <blueknight@gentoo.org> | 2022-01-23 18:37:36 -0500 |
|---|---|---|
| committer | Yury German <blueknight@gentoo.org> | 2022-01-23 18:37:36 -0500 |
| commit | f18b23a3a9378fb0a98856d436aa9ebf94e47429 (patch) | |
| tree | e418433e22854ebd2d77eaa869d5d0470a973317 /plugins/jetpack/jetpack_vendor/automattic/jetpack-roles/SECURITY.md | |
| parent | Add classic-editor 1.5 (diff) | |
| download | blogs-gentoo-f18b23a3a9378fb0a98856d436aa9ebf94e47429.tar.gz blogs-gentoo-f18b23a3a9378fb0a98856d436aa9ebf94e47429.tar.bz2 blogs-gentoo-f18b23a3a9378fb0a98856d436aa9ebf94e47429.zip | |
Updating Classic Editor, Google Authenticatior, Jetpack, Public Post Preview, Table of Contents, Wordpress Importer
Signed-off-by: Yury German <blueknight@gentoo.org>
Diffstat (limited to 'plugins/jetpack/jetpack_vendor/automattic/jetpack-roles/SECURITY.md')
| -rw-r--r-- | plugins/jetpack/jetpack_vendor/automattic/jetpack-roles/SECURITY.md | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/plugins/jetpack/jetpack_vendor/automattic/jetpack-roles/SECURITY.md b/plugins/jetpack/jetpack_vendor/automattic/jetpack-roles/SECURITY.md new file mode 100644 index 00000000..b4b46c0e --- /dev/null +++ b/plugins/jetpack/jetpack_vendor/automattic/jetpack-roles/SECURITY.md @@ -0,0 +1,38 @@ +# Security Policy + +Full details of the Automattic Security Policy can be found on [automattic.com](https://automattic.com/security/). + +## Supported Versions + +Generally, only the latest version of Jetpack has continued support. If a critical vulnerability is found in the current version of Jetpack, we may opt to backport any patches to previous versions. + +## Reporting a Vulnerability + +[Jetpack](https://jetpack.com/) is an open-source plugin for WordPress. Our HackerOne program covers the plugin software, as well as a variety of related projects and infrastructure. + +**For responsible disclosure of security issues and to be eligible for our bug bounty program, please submit your report via the [HackerOne](https://hackerone.com/automattic) portal.** + +Our most critical targets are: + +* Jetpack and the Jetpack composer packages (all within this repo) +* Jetpack.com -- the primary marketing site. +* cloud.jetpack.com -- a management site. +* wordpress.com -- the shared management site for both Jetpack and WordPress.com sites. + +For more targets, see the `In Scope` section on [HackerOne](https://hackerone.com/automattic). + +_Please note that the **WordPress software is a separate entity** from Automattic. Please report vulnerabilities for WordPress through [the WordPress Foundation's HackerOne page](https://hackerone.com/wordpress)._ + +## Guidelines + +We're committed to working with security researchers to resolve the vulnerabilities they discover. You can help us by following these guidelines: + +* Follow [HackerOne's disclosure guidelines](https://www.hackerone.com/disclosure-guidelines). +* Pen-testing Production: + * Please **setup a local environment** instead whenever possible. Most of our code is open source (see above). + * If that's not possible, **limit any data access/modification** to the bare minimum necessary to reproduce a PoC. + * **_Don't_ automate form submissions!** That's very annoying for us, because it adds extra work for the volunteers who manage those systems, and reduces the signal/noise ratio in our communication channels. + * To be eligible for a bounty, all of these guidelines must be followed. +* Be Patient - Give us a reasonable time to correct the issue before you disclose the vulnerability. + +We also expect you to comply with all applicable laws. You're responsible to pay any taxes associated with your bounties. |