From 04f50990df50b147929955b05888daea6cc23004 Mon Sep 17 00:00:00 2001 From: Francis Dong <98066605+bc-donfran@users.noreply.github.com> Date: Sat, 2 Nov 2024 23:06:37 +1100 Subject: [PATCH] chore(security): APPSEC-705 Add SECURITY.md (#624) # [APPSEC-705] ## What changed? * Adding SECURITY.md ## Release notes draft Adding file so that security researchers knows where to report if a vulnerability was found on this repository. ping @bc-traciporter [APPSEC-705]: https://bigcommercecloud.atlassian.net/browse/APPSEC-705?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ --- SECURITY.md | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..0095d631d --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,11 @@ +# Reporting security issues +BigCommerce is dedicated to the responsible disclosure of security vulnerabilities. +If you have found a security vulnerability in an active open-source repository created and owned by BigCommerce, please report it to our [public bug bounty program](https://bugcrowd.com/bigcommerce). If you would prefer to submit via email, please send your report to [security@bigcommerce.com](mailto:security@bigcommerce.com). + +We ask that you **do not** open a public GitHub issue to report security concerns. + +_Note: Only submissions to our bounty program on BugCrowd will be eligible for bounties. Bounty eligibility and amounts are determined according to the program guidelines._ + +_Note: Bugs in 3rd-party modules and/or dependencies should be reported to the owners/maintainers or those modules and/or dependencies, BigCommerce has no control or authority over third party content._ + +Thank you in advance for collaborating with us to help protect us and our customers.
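Review bot: the second `_Note:` line in the hunk has a typo and a comma splice: "reported to the owners/maintainers or those modules and/or dependencies, BigCommerce has no control" should read "reported to the owners/maintainers of those modules and/or dependencies; BigCommerce has no control", and "3rd-party" and "third party" in that same sentence should be spelled consistently (e.g. "third-party"). Since the file only names the Bugcrowd program and the security@bigcommerce.com address, consider also adding a short line on what reporters should expect after submitting (acknowledgement and whether fixes are announced via GitHub security advisories), so that researchers do not fall back to the public issue tracker the file asks them to avoid.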