Trying to get in touch regarding a security issue

HubSpot / react-select-plus

Fork of https://github.com/JedWatson/react-select with option group support

http://github.hubspot.com/react-select-plus/

MIT License

286 stars 93 forks source link

Trying to get in touch regarding a security issue #128

Open JamieSlome opened 3 years ago

JamieSlome commented 3 years ago

Hey there!

I'd like to report a security issue but cannot find contact instructions on your repository.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

bjacobel commented 3 years ago

Hello there,

You can get in touch with HubSpot regarding a security concern at the following address: ~security@hubspot.com~ Edit: a better address is security-notifications@hubspot.com

Or, if the vulnerability is in-scope, you can report the issue through our Bug Bounty program (via BugCrowd).

We’ll work on getting that SECURITY file you suggested added, as well.

Thanks!