search

Nightonke / CoCoin

CoCoin, Multi-view Accounting Application
2.84k stars 1.08k forks source link

How to get in touch regarding a security concern #57

Open zidingz opened 2 years ago

zidingz commented 2 years ago

Hey there!

I belong to an open source security research community, and a member (@vanlan12) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

vanlan12 commented 2 years ago

Hi Ziding Zhang.

I have described how to access and read the password content stored under the Local Data Storage area in the Security.md file. If you have any questions, feel free to ask..

Thanks and best regards.

Vào Th 6, 15 thg 10, 2021 vào lúc 11:52 Ziding Zhang < @.***> đã viết:

Hey there!

I belong to an open source security research community, and a member ( @vanlan12 https://github.com/vanlan12) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper https://github.com/huntr-helper)

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/Nightonke/CoCoin/issues/57, or unsubscribe https://github.com/notifications/unsubscribe-auth/AFJ6WDTNPH7Q26G5LH34XRLUG6XPNANCNFSM5GBELZTQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.