Skip to content

Commit

Permalink
Add SECURITY.md
Browse files Browse the repository at this point in the history 
VN-2745
  • Loading branch information
@wfinn
wfinn committed Aug 24, 2021
1 parent eaa5972 commit 22bc904
Showing 1 changed file with 29 additions and 0 deletions.
29 changes: 29 additions & 0 deletions SECURITY.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
# Security Policy

## Supported Versions

Only the latest version of verinice has all security updates.

## Reporting a Vulnerability

Please e-mail [[email protected]](mailto:[email protected]) if you believe you have found a vulnerability in verinice.
Minor security issues can be publicly reported on GitHub.

In your bug report, please try to cover the following info:
- Proof of Concept: exact steps to reproduce the bug
- How did you discover the vulnerability?
- Your estimation of impact
- Suggestions for a fix

When receiving a bug report, we will look at it internally before answering, so expect some delay until you get an answer.
Once we confirmed and talked about the vulnerability, we will contact you.

### Public Disclosure

Please give us up to 120 days to fix the vulnerability you reported, once the patch is public you can disclose it.

## Hall of Fame

In this section we thank researchers who submitted critical vulnerabilities to us.

- Frank Nusko (SECIANUS GmbH & Co. KG) RCE via insecure deserialization CVE-2021-36981

0 comments on commit 22bc904

Please sign in to comment.