■ ■ ■ ■ ■ ■
docs/docs/policies/security-disclosure.mdx
| skipped 27 lines |
| 28 | 28 | | We’re extremely grateful for security researchers and users who report vulnerabilities to the Hasura community. All |
| 29 | 29 | | reports are thoroughly investigated by the Hasura team. |
| 30 | 30 | | |
| 31 | | - | To report a security issue, please email us at <[email protected]> with details, if possible attaching relevant |
| 32 | | - | information. The more details we have, the quicker will we be able to fix potential vulnerabilities. |
| | 31 | + | To report a security issue, please email us at <[email protected]> with the vulnerability details, and attach the |
| | 32 | + | relevant information including screenshots/videos. The more details we have, the quicker will we be able to fix any |
| | 33 | + | potential vulnerabilities. |
| 33 | 34 | | |
| 34 | | - | We do not currently have a bug bounty program, however, for valid high and critical severity issues we may, at our |
| 35 | | - | discretion, choose to award a bounty. Please see our guidance at the bottom of the page for types of vulnerabilities |
| 36 | | - | which are in and out of scope. Do not use social engineering and make a good faith effort to avoid privacy violations, |
| 37 | | - | destruction of data, and interruption or degradation of our service. If you should accidentally do any of these things, |
| 38 | | - | stop immediately and report the issue. |
| | 35 | + | Hasura does not provide monetary reward for vulnerability disclosures however, at our sole discretion, we may make |
| | 36 | + | exceptions to this policy for exceptional contributions. |
| | 37 | + | |
| | 38 | + | You may be eligible for a reward if it requires a severe code/configuration change from our side. The rewards can be |
| | 39 | + | both monetary or swag. |
| | 40 | + | |
| | 41 | + | Please reference our guidance at the bottom of the page for the types of vulnerabilities that are in and out-of-scope. |
| | 42 | + | |
| | 43 | + | Do not use social engineering techniques and make a good faith effort to avoid any privacy violations, destruction of |
| | 44 | + | data, and interruption or degradation of our service. |
| | 45 | + | |
| | 46 | + | If you should accidentally do any of these things, please stop immediately and report the issue. |
| 39 | 47 | | |
| 40 | 48 | | ### When should I report a vulnerability? |
| 41 | 49 | | |
| skipped 84 lines |
Dhruvil Joshi
committed
with
Rob Dominguez
1 month ago
1 parent 309e3161