Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

adding security policy #11

Merged
merged 5 commits into from
May 31, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .github/wordlist.txt
Original file line number Diff line number Diff line change
Expand Up @@ -158,3 +158,4 @@ valkey
valkeymodules
virtualenv
www
md
16 changes: 2 additions & 14 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -180,22 +180,10 @@ Please try at least versions of Docker.

## How to Report a Bug

### Security Vulnerabilities

**NOTE**: If you find a security vulnerability, do NOT open an issue.
Email [Salvatore Mesoraca (<[email protected]>)](mailto:[email protected]) instead.

In order to determine whether you are dealing with a security issue, ask
yourself these two questions:

- Can I access something that's not mine, or something I shouldn't
have access to?
- Can I disable something for other people?
### Security Vulnerabilities

If the answer to either of those two questions are *yes*, then you're
probably dealing with a security issue. Note that even if you answer
*no* to both questions, you may still be dealing with a security
issue, so if you're unsure, just email [us](mailto:[email protected]).
Reporting a vulnerability? See [SECURITY.md](https://github.com/valkey-io/valkey-py/blob/main/SECURITY.md).

### Everything Else

Expand Down
7 changes: 7 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
## Reporting a Vulnerability
aiven-sal marked this conversation as resolved.
Show resolved Hide resolved

If you believe you've discovered a security vulnerability, please contact the Valkey team at [email protected].
Please *DO NOT* create an issue.
We follow a responsible disclosure procedure, so depending on the severity of the issue we may notify Valkey vendors about the issue before releasing it publicly.
If you would like to be added to our list of vendors, please reach out to the Valkey team at [email protected].

Loading