From 191b38f2862f1f08a0f25fb22d68e10688c93a3e Mon Sep 17 00:00:00 2001 From: Bernardo Codesido Date: Wed, 27 Mar 2024 12:31:34 -0300 Subject: [PATCH] Update domains, bug bounty program url and reponse times --- SECURITY.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index a244ad34e44..9dd6741396a 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,10 +1,10 @@ -# RSK's Security Process +# rskj Security Process We are committed to conduct our security process in a professional and civil manner. Public shaming, under-reporting or misrepresentation of vulnerabilities will not be tolerated. ## Responsible Disclosure -For all security related issues, RSK has two main points of contact. Reach us at or refer to our [Bug Bounty Program](https://www.iovlabs.org/bug-bounty-program). **Do not open up a GitHub issue if the bug is a security vulnerability** +For all security related issues, rskj has two main points of contact. Reach us at or refer to our [Bug Bounty Program](https://www.rootstocklabs.com/bug-bounty-program). **Do not open up a GitHub issue if the bug is a security vulnerability** **Ensure the bug was not already reported** by searching on GitHub under [Issues](https://github.com/rsksmart/rskj/issues). @@ -12,10 +12,10 @@ For all security related issues, RSK has two main points of contact. Reach us at ### Response Time -RSK will make a best effort to meet the following response times for reported vulnerabilities: +RootstockLabs will make a best effort to meet the following response times for reported vulnerabilities: -* Time to first response (from report submit) - 24 hours -* Time to triage (from report submit) - 2 business days +* Time to first response (from report submit) - 5 business days +* Time to triage (from report submit) - 7 business days * Time to bounty (from triage) - 15 business days We’ll try to keep you informed about our progress throughout the process. 
@@ -23,9 +23,9 @@ We’ll try to keep you informed about our progress throughout the process. ### Disclouse Policy * Follow HackerOne's [disclosure guidelines](https://www.hackerone.com/disclosure-guidelines). -* Public disclosure of a vulnerability makes it ineligible for a bounty. If the user reports the vulnerability to other security teams (e.g. Ethereum or ETC) but reports to RSK with considerable delay, then RSK may reduce or cancel the bounty. +* Public disclosure of a vulnerability makes it ineligible for a bounty. If the user reports the vulnerability to other security teams (e.g. Ethereum or ETC) but reports to RootstockLabs with considerable delay, then RootstockLabs may reduce or cancel the bounty. -For more information check RSK bounty program policy at [HackerOne](https://hackerone.com/iovlabs) +For more information check RootstockLabs bounty program policy at [HackerOne](https://hackerone.com/rootstocklabs) ## Public Keys
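Review bot: In the first hunk (@@ -1,10 +1,10 @@), the added line "For all security related issues, rskj has two main points of contact" names the node software as the party that has contacts, while the added lines in the later hunks use RootstockLabs for the organisation. Use RootstockLabs here as well so the policy names one responsible party throughout. As shown, "Reach us at or refer to" has no address between "at" and "or" on both the removed and the added line, so please confirm the contact address is actually present in the file. Since this line is being rewritten anyway, the bold sentence "**Do not open up a GitHub issue if the bug is a security vulnerability**" could also get its missing full stop.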
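Review bot: In the Response Time hunk (@@ -12,10 +12,10 @@), the first-response target moves from 24 hours to 5 business days and triage from 2 to 7 business days, but the commit subject only says the response times are updated and gives no reason. Please say in the commit message that the targets are being relaxed and why, since reporters may rely on the published figures. With "Time to first response (from report submit) - 5 business days", a reporter can wait a full working week before knowing the report was received at all. Consider keeping a shorter acknowledgement target separate from the triage target.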
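Review bot: In the last hunk (@@ -23,9 +23,9 @@), the context line "### Disclouse Policy" keeps its misspelling even though this section is being edited. Please change it to "### Disclosure Policy" in the same patch. The added line "For more information check RootstockLabs bounty program policy at [HackerOne](https://hackerone.com/rootstocklabs)" also ends without a full stop, and the first hunk points reporters to a different bug bounty URL on rootstocklabs.com. It would help to state which of the two pages holds the authoritative policy.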