bunkerized-nginx/SECURITY.md

# Security policy

Even though this project is focused on security, it is still prone to possible vulnerabilities. We consider every security bug as a serious issue and will try our best to address it.

## Responsible disclosure

If you have found a security bug, please send us an email at security \[@\] bunkerity.com (using a ProtonMail if possible) with technical details so we can resolve it as soon as possible.

Here is a non-exhaustive list of issues we consider as high risk :
- Vulnerability in the code
- Bypass of a security feature
- Vulnerability in a third-party dependency
- Risk in the supply chain

## Bounty

To encourage responsible disclosure, we may reward you with a bounty at the sole discretion of the maintainers.
security - add security policy 2021-08-05 23:25:50 +02:00			`# Security policy`

			`Even though this project is focused on security, it is still prone to possible vulnerabilities. We consider every security bug as a serious issue and will try our best to address it.`

			`## Responsible disclosure`

prepare for 1.5.1 🚀 2023-06-14 21:39:12 +02:00			`If you have found a security bug, please send us an email at security \[@\] bunkerity.com (using a ProtonMail if possible) with technical details so we can resolve it as soon as possible.`
security - add security policy 2021-08-05 23:25:50 +02:00
			`Here is a non-exhaustive list of issues we consider as high risk :`
bunkerweb 1.4.0 2022-06-03 17:24:14 +02:00			`- Vulnerability in the code`
security - add security policy 2021-08-05 23:25:50 +02:00			`- Bypass of a security feature`
			`- Vulnerability in a third-party dependency`
			`- Risk in the supply chain`

			`## Bounty`

Add a pre-commit-config file and passed all checks 2023-09-29 19:11:48 +02:00			`To encourage responsible disclosure, we may reward you with a bounty at the sole discretion of the maintainers.`