Open tomtitherington opened 9 months ago
Reporting any potential vulnerabilities is strongly encouraged.
If you suspect a vulnerability, please take the following steps:
security at X
.You can expect a response to your initial report within one business day. While the core team works on addressing the issue, please maintain confidentiality about the vulnerability to ensure the security of all users. Please refrain from exploiting the vulnerability or revealing the problem to others.
While X doesn't have a formal bug bounty program right now due to the project's nascent stage, rest assured that:
Efforts are continually made to enhance the security of the product. If you have any recommendations or feature requests that could enhance the product's security, please share them via the discussion forum.
⚠️ Note this does not apply to security vulnerabilities. If you're in doubt, then always follow the security vulnerability process
Something like...?
Summary
Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server.
Details
Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer.
PoC
Complete instructions, including specific configuration details, to reproduce the vulnerability.
Impact
What kind of vulnerability is it? Who is impacted?