github.com/aiven/aiven-go-client@v1.36.0/SECURITY.md

# Security Policy

## Supported Versions

We release patches for security vulnerabilities. Which versions are eligible
to receive such patches depends on the CVSS v3.0 rating:

| CVSS v3.0 | Supported Versions  |
| --------- | ------------------- |
| 4.0-10.0  | Most recent release |

## Reporting a Vulnerability

Please report (suspected) security vulnerabilities to our **[bug bounty
program](https://hackerone.com/aiven_ltd)**. You will receive a response from
us within 2 working days. If the issue is confirmed, we will release a patch as
soon as possible depending on impact and complexity.

## Qualifying Vulnerabilities

Any reproducible vulnerability that has a severe effect on the security or
privacy of our users is likely to be in scope for the program.

We generally **aren't** interested in the following issues:

* Social engineering (e.g. phishing, vishing, smishing) attacks
* Brute force, DoS, text injection
* Missing best practices such as HTTP security headers (CSP, X-XSS, etc.),
  email (SPF/DKIM/DMARC records), SSL/TLS configuration.
* Software version disclosure / Banner identification issues / Descriptive
  error messages or headers (e.g. stack traces, application or server errors).
* Clickjacking on pages with no sensitive actions
* Theoretical vulnerabilities where you can't demonstrate a significant
  security impact with a proof of concept.