From 25c6106bd62e0a62a208816588f797dc67d4698d Mon Sep 17 00:00:00 2001 From: Pranay Prateek Date: Mon, 30 May 2022 17:04:02 +0530 Subject: [PATCH 1/5] Create SECURITY.md --- SECURITY.md | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..c593e1e528 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,11 @@ +# Security Policy + +SigNoz is looking forward to working with security researchers across the world to keep SigNoz and our users safe. If you have found an issue in our systems/applications, please reach out to us. + +## Reporting a Vulnerability + +If you believe you have found a vulnerability, feel free to reach out to security@signoz.io. You should hear back from us in 3 working days. + +## Thanks + +Thank you for keeping SigNoz and our users safe. 🙇 From b5b9f20b1f32af10b2a375a84e2c695cfcafe19f Mon Sep 17 00:00:00 2001 From: Pranay Prateek Date: Mon, 30 May 2022 17:13:34 +0530 Subject: [PATCH 2/5] Update SECURITY.md --- SECURITY.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index c593e1e528..3cb375730a 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,9 +2,13 @@ SigNoz is looking forward to working with security researchers across the world to keep SigNoz and our users safe. If you have found an issue in our systems/applications, please reach out to us. +## Supported Versions +We always recommend using the latest version of SigNoz to ensure you get all security updates + ## Reporting a Vulnerability -If you believe you have found a vulnerability, feel free to reach out to security@signoz.io. You should hear back from us in 3 working days. +If you believe you have found a vulnerability, feel free to reach out to +We currently do not operate a bug bounty program, but we will generously reward you with merch for any actionable security vulnerabilities found. ## Thanks 
From b6cfe9d08e0e793fd02af34e4c9777968a4d9cf9 Mon Sep 17 00:00:00 2001 From: Pranay Prateek Date: Mon, 30 May 2022 17:14:01 +0530 Subject: [PATCH 3/5] Update SECURITY.md --- SECURITY.md | 1 + 1 file changed, 1 insertion(+) diff --git a/SECURITY.md b/SECURITY.md index 3cb375730a..f3d98cc3c8 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -8,6 +8,7 @@ We always recommend using the latest version of SigNoz to ensure you get all sec ## Reporting a Vulnerability If you believe you have found a vulnerability, feel free to reach out to + We currently do not operate a bug bounty program, but we will generously reward you with merch for any actionable security vulnerabilities found. ## Thanks From 0a4bc7e1815355c7cf34c0463bc17691bf057842 Mon Sep 17 00:00:00 2001 From: Pranay Prateek Date: Mon, 30 May 2022 17:22:20 +0530 Subject: [PATCH 4/5] Update SECURITY.md --- SECURITY.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index f3d98cc3c8..088a7f1c19 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -7,9 +7,11 @@ We always recommend using the latest version of SigNoz to ensure you get all sec ## Reporting a Vulnerability -If you believe you have found a vulnerability, feel free to reach out to +If you believe you have found a security vulnerability within Infracost, please let us know right away. We'll try and fix the problem as soon as possible. -We currently do not operate a bug bounty program, but we will generously reward you with merch for any actionable security vulnerabilities found. +Do not report vulnerabilities using public GitHub issues. Instead, email with a detailed account of the issue. Please submit one issue per email, this helps us triage vulnerabilities. + +Once we've received your email we'll keep you updated as we fix the vulnerability. ## Thanks From c27c026e254cb2db8a249d31e43fd4ff5af1caf2 Mon Sep 17 00:00:00 2001 
From: Pranay Prateek Date: Mon, 30 May 2022 17:22:47 +0530 Subject: [PATCH 5/5] Update SECURITY.md --- SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 088a7f1c19..000076fe18 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -7,9 +7,9 @@ We always recommend using the latest version of SigNoz to ensure you get all sec ## Reporting a Vulnerability -If you believe you have found a security vulnerability within Infracost, please let us know right away. We'll try and fix the problem as soon as possible. +If you believe you have found a security vulnerability within SigNoz, please let us know right away. We'll try and fix the problem as soon as possible. -Do not report vulnerabilities using public GitHub issues. Instead, email with a detailed account of the issue. Please submit one issue per email, this helps us triage vulnerabilities. +**Do not report vulnerabilities using public GitHub issues**. Instead, email with a detailed account of the issue. Please submit one issue per email, this helps us triage vulnerabilities. Once we've received your email we'll keep you updated as we fix the vulnerability.
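Review bot: In [PATCH 2/5] the replacement line under "Reporting a Vulnerability" reads "feel free to reach out to" and, as shown here, stops without a contact address, while the line it removes carried security@signoz.io and the "You should hear back from us in 3 working days" commitment. Keep the address and the response window in the new wording so a reporter still knows where to send a report and when to expect a reply. Minor: the added "## Supported Versions" heading has no blank line before its paragraph, unlike the other headings in the file, and the sentence under it has no closing period.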
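Review bot: In [PATCH 4/5] the first added line says "a security vulnerability within Infracost", which names a different project inside the SigNoz policy. It should read SigNoz, and since 5/5 exists mainly to correct this, squash the two so the wrong name never lands in history. The same hunk deletes the sentence about rewarding actionable reports with merch, while the commit subject is only "Update SECURITY.md"; state in the message whether dropping the reward was intended, because researchers read this file as the project's commitment.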
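Review bot: In [PATCH 5/5] the changed line "Instead, email with a detailed account of the issue" gives, as shown here, no address to email, and this is the final state of the file: nothing in the series restores the security@signoz.io address or the "3 working days" response time that 1/5 introduced. Add both to this paragraph, since a policy that forbids public GitHub issues needs to name the private channel in the same place. Smaller point: "Please submit one issue per email, this helps us triage vulnerabilities" is a comma splice; split it into two sentences or join with "as".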