docs/docs/policies/security-disclosure.mdx
| skipped 27 lines |
28 | 28 | | We’re extremely grateful for security researchers and users who report vulnerabilities to the Hasura community. All |
29 | 29 | | reports are thoroughly investigated by the Hasura team. |
30 | 30 | | |
31 | | - | To report a security issue, please email us at <[email protected]> with details, if possible attaching relevant |
32 | | - | information. The more details we have, the quicker will we be able to fix potential vulnerabilities. |
| 31 | + | To report a security issue, please email us at <[email protected]> with the vulnerability details, and attach the |
| 32 | + | relevant information including screenshots/videos. The more details we have, the quicker will we be able to fix any |
| 33 | + | potential vulnerabilities. |
33 | 34 | | |
34 | | - | We do not currently have a bug bounty program, however, for valid high and critical severity issues we may, at our |
35 | | - | discretion, choose to award a bounty. Please see our guidance at the bottom of the page for types of vulnerabilities |
36 | | - | which are in and out of scope. Do not use social engineering and make a good faith effort to avoid privacy violations, |
37 | | - | destruction of data, and interruption or degradation of our service. If you should accidentally do any of these things, |
38 | | - | stop immediately and report the issue. |
| 35 | + | Hasura does not provide monetary reward for vulnerability disclosures however, at our sole discretion, we may make |
| 36 | + | exceptions to this policy for exceptional contributions. |
| 37 | + | |
| 38 | + | You may be eligible for a reward if it requires a severe code/configuration change from our side. The rewards can be |
| 39 | + | both monetary or swag. |
| 40 | + | |
| 41 | + | Please reference our guidance at the bottom of the page for the types of vulnerabilities that are in and out-of-scope. |
| 42 | + | |
| 43 | + | Do not use social engineering techniques and make a good faith effort to avoid any privacy violations, destruction of |
| 44 | + | data, and interruption or degradation of our service. |
| 45 | + | |
| 46 | + | If you should accidentally do any of these things, please stop immediately and report the issue. |
39 | 47 | | |
40 | 48 | | ### When should I report a vulnerability? |
41 | 49 | | |
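Review bot: The reward wording on new lines 35-39 leaves eligibility unclear. Line 35 says Hasura "does not provide monetary reward", while lines 38-39 say rewards "can be both monetary or swag". In "if it requires a severe code/configuration change", the word "it" has no clear antecedent. The removed text's "valid high and critical severity issues" criterion is also gone, with no equivalent severity bar in its place. Suggest one sentence that states a single criterion, for example: "For reports that lead to a significant code or configuration change on our side, we may, at our sole discretion, offer a reward (monetary or swag)." Two smaller points: "the quicker will we be able" on new line 32 keeps the inverted word order of the old text and should read "the quicker we will be able", and "disclosures however," on line 35 needs a semicolon or full stop before "however".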
| skipped 84 lines |