Ecosystem/feather
Ecosystem/feather
1
0
Fork 0
mirror of https://github.com/feather-wallet/feather.git synced 2024-12-22 03:29:24 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

SECURITY.md: add clarification on binary exploitation

Browse source
This commit is contained in:
tobtoht 2024-10-08 19:15:55 +02:00
parent c600e4d376
commit 130432fd23
No known key found for this signature in database
GPG key ID: E45B10DD027D2472
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
SECURITY.md
View file

@ -35,6 +35,7 @@ Clarifications on scope:
- Any form of coercion, physical or psychological, is out of scope.
- Vulnerabilities that are attributable to hardware are out of scope.
- If the issue was fixed in the `master` branch before we receive your report, it is invalid and not eligible for a bounty from this program.
- If the vulnerability involves binary exploitation, we may ask you to provide a proof of concept of secret key exfiltration.
- Vulnerabilities that are present in the monero submodule but were not introduced in patches made by the Feather developers must
be reported [upstream](https://github.com/monero-project/meta/blob/master/VULNERABILITY_RESPONSE_PROCESS.md) and are not eligible for a bounty from this program.
- Vulnerabilities that are present in any of our third-party dependencies must be reported upstream and are not eligible for a bounty from this program.