search

trufflesuite / trufflesuite.com

Trufflesuite website source ✨
https://trufflesuite.com
182 stars 421 forks source link

Add security.txt file #1253

Open kevinweaver opened 2 years ago

kevinweaver commented 2 years ago

Issue

The Security team suggested we follow suit with a recent initiative by Metamask to add the https://securitytxt.org/ .well-known file to the website. The intention is to point outside contributors to our bug bounty.

Steps to Reproduce

I should be able to navigate to: https://trufflesuite.com/.well-known/security.txt

Expected Behavior

I should see a link to https://hackerone.com/consensys for bug bounty submissions.

This could instead direct to a full page if we feel that it's worth it. For context, here is the staging version of metamask.io’s new bounty page: https://metamask.consensys.net/security/)

Environment

fainashalts commented 2 years ago

Note to whoever works on this issue: We discussed this in ticket processing, and we've decided we should just create the security.txt file rather than a full page for it.