Update Responsible Disclosure #395
docs/about-hypernode/security-policies/responsible-disclosure-policy.md
| * Reviewing your report promptly. | ||
| * Keeping you informed about progress. | ||
| * Rewarding you when appropriate. | ||
| * Never taking legal action against responsible researchers. |
| * Reviewing your report promptly. | |
| * Keeping you informed about progress. | |
| * Rewarding you when appropriate. | |
| * Never taking legal action against responsible researchers. | |
| - Do not exploit vulnerabilities beyond what is necessary for proof-of-concept. | |
| - Avoid impacting user data or privacy. | |
| - No social engineering or physical testing. | |
| - Keep your findings confidential until we’ve had a chance to fix the issue. |
| - Reviewing your report promptly. | |
| - Keeping you informed about progress. | |
| - Rewarding you when appropriate. | |
| - Never taking legal action against responsible researchers. |
| * A secure and trusted platform for disclosure of vulnerabilities. | ||
| * Structured communication and feedback. | ||
| * Bounty rewards for accepted reports and easy payout. | ||
| * Optional anonymity for researchers. | ||
| By centralizing our vulnerability handling with Intigriti, we ensure a smooth, fair, and secure process for everyone involved. | ||
| Thanks for helping us make Hypernode more secure for all our users. | ||
| We appreciate your time, your skills, and your ethical approach. |
| ## What We Expect | ||
| We ask all researchers to follow these basic rules: | ||
| * Do not exploit vulnerabilities beyond what is necessary for proof-of-concept. | ||
| * Avoid impacting user data or privacy. | ||
| * No social engineering or physical testing. | ||
| * Keep your findings confidential until we’ve had a chance to fix the issue. | ||
|
|
||
| If you play by the rules, we commit to: |
| ## What We Expect | |
| We ask all researchers to follow these basic rules: | |
| * Do not exploit vulnerabilities beyond what is necessary for proof-of-concept. | |
| * Avoid impacting user data or privacy. | |
| * No social engineering or physical testing. | |
| * Keep your findings confidential until we’ve had a chance to fix the issue. | |
| If you play by the rules, we commit to: | |
| - A secure and trusted platform for disclosure of vulnerabilities. | |
| - Structured communication and feedback. | |
| - Bounty rewards for accepted reports and easy payout. | |
| - Optional anonymity for researchers. | |
| By centralizing our vulnerability handling with Intigriti, we ensure a smooth, fair, and secure process for everyone involved. | |
| Thanks for helping us make Hypernode more secure for all our users. | |
| We appreciate your time, your skills, and your ethical approach. |
Acceptance server is available at https://docs-ephoo01d0.hypernode.io.
…policy.md Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
| * A detailed list of in-scope and out-of-scope systems | ||
| * Rules of engagement for security testing | ||
| * Submission guidelines | ||
| * Potential rewards for eligible findings |
| * A detailed list of in-scope and out-of-scope systems | |
| * Rules of engagement for security testing | |
| * Submission guidelines | |
| * Potential rewards for eligible findings | |
| - A detailed list of in-scope and out-of-scope systems | |
| - Rules of engagement for security testing | |
| - Submission guidelines | |
| - Potential rewards for eligible findings |
| - Your name/handle and a link for recognition in our Hall of Fame. | ||
|
|
||
| If you’d like to encrypt the information, please use our [PGP-key](https://pgp.mit.edu/pks/lookup?search=0x4FDDF9236D0E2A2E&op=index&rel=noopener): (ID: 6D0E2A2E, Fingerprint: 5CF5 61BE C0AA AE11 8164 6576 4FDD F923 6D0E 2A2E). | ||
| You can find the current scope and testing guidelines directly on our Intigriti page. |
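Review bot: the PGP link on the line above carries `&rel=noopener` inside the URL query string, so it is sent to the keyserver as a search parameter rather than acting as a link attribute; drop it from the URL (end it at `&op=index`) and, if a rel attribute is wanted, it belongs on the rendered anchor, not in the Markdown link target. Consider also publishing the key on a Hypernode-controlled page next to the fingerprint, so researchers have a source other than a third-party keyserver to verify against.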
| * Do not exploit vulnerabilities beyond what is necessary for proof-of-concept. | ||
| * Avoid impacting user data or privacy. | ||
| * No social engineering or physical testing. | ||
| * Keep your findings confidential until we’ve had a chance to fix the issue. | ||
|
|
||
| If you play by the rules, we commit to: | ||
| * Reviewing your report promptly. | ||
| * Keeping you informed about progress. |
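Review bot: "Reviewing your report promptly" and "Keep your findings confidential until we've had a chance to fix the issue" both leave the timing open; a stated target for acknowledging a report and an expected window before coordinated publication would give researchers something concrete to hold the policy to.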
| * Do not exploit vulnerabilities beyond what is necessary for proof-of-concept. | |
| * Avoid impacting user data or privacy. | |
| * No social engineering or physical testing. | |
| * Keep your findings confidential until we’ve had a chance to fix the issue. | |
| If you play by the rules, we commit to: | |
| * Reviewing your report promptly. | |
| * Keeping you informed about progress. | |
| - Do not exploit vulnerabilities beyond what is necessary for proof-of-concept. | |
| - Avoid impacting user data or privacy. | |
| - No social engineering or physical testing. | |
| - Keep your findings confidential until we’ve had a chance to fix the issue. |
| - We are aware not all our domains have complete SPF / DKIM / DMARC setups. | ||
| - We are aware our marketing domains contain social media links are missing 'noopener' attributes, and can placed in iframes. | ||
| ## What We Expect | ||
| We ask all researchers to follow these basic rules: |
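Review bot: the second "We are aware" bullet has a grammar slip and reads as two fragments; suggest `We are aware our marketing domains contain social media links that are missing 'noopener' attributes and can be placed in iframes.` It would also help to say explicitly what the "We are aware" list means for a researcher (out of scope, not eligible for reward), since the list currently states the facts without the consequence.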
|
|
||
| If you believe you’ve found a security vulnerability in one of our products or platforms please send it to us by emailing disclosure@nl.team.blue. Please include the following details with your report: | ||
| ## Why Intigriti? | ||
| Using Intigriti benefits both sides: |
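Review bot: the sentence ending "Please include the following details with your report:" runs straight into the `## Why Intigriti?` heading, so the list of details it announces is not in this region; check that the list lands before the heading. The same region keeps the email channel (disclosure@nl.team.blue) while the policy elsewhere says handling is centralized with Intigriti; state which channel is primary so a researcher is not left guessing where a report should go.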
moon-hn left a comment:
Looks good.
moon-hn left a comment:
Looks good
This updates the Responsible Disclosure Policy to align with the main document