How to get in touch regarding a security concern #1986

Open
JamieSlome opened this issue May 27, 2022 · 5 comments

@JamieSlome

Hello 👋

I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@cokeBeer) has found a potential issue, which I would be eager to share with you.

Could you add a SECURITY.md file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.

Looking forward to hearing from you 👍

(cc @huntr-helper)

@yolandadadada
Member

You can contact @IBAXkyle on Telegram for further details. We will reply to you as soon as possible after seeing your message.

@JamieSlome
Author

@yolandadadada - thank you for your response 👍 I don't currently have access to Telegram, do you have an organisational e-mail I can use instead?

Just for reference, the private report can be found here:
https://huntr.dev/bounties/53fc7360-b264-4625-a6ce-25055f27d550/

It is only accessible to maintainers with repository write permissions.

@yolandadadada
Member

> @yolandadadada - thank you for your response 👍 I don't currently have access to Telegram, do you have an organisational e-mail I can use instead?
>
> Just for reference, the private report can be found here: https://huntr.dev/bounties/53fc7360-b264-4625-a6ce-25055f27d550/
>
> It is only accessible to maintainers with repository write permissions.

Do you want to communicate by email? I can't see the details in the link you gave.

@JamieSlome
Author

@yolandadadada - sure, we can provide you with a non-sign in URL which will allow you to view the contents. Otherwise, you can view the contents of the report by signing up to the platform, so our system can check that you have the right permissions to view the report 👍

@yolandadadada
Member

> @yolandadadada - sure, we can provide you with a non-sign in URL which will allow you to view the contents. Otherwise, you can view the contents of the report by signing up to the platform, so our system can check that you have the right permissions to view the report 👍

Okay, thank you for your attention. Our main network is still under development, and we hope you can find out the security risks for our system after the main network is online.
