Skip to content

Commit

Permalink
Update bug bounty program handler, domains and response times
Browse files Browse the repository at this point in the history
  • Loading branch information
bcodesido committed Mar 27, 2024
1 parent d8d05df commit d2a8375
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions SECURITY.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,18 +4,18 @@ We are committed to conduct our security process in a professional and civil man

## Responsible Disclosure

For all security related issues, RIF Wallet has two main points of contact. Reach us at <security@iovlabs.org> or refer to our [Bug Bounty Program](https://www.iovlabs.org/bug-bounty-program). **Do not open up a GitHub issue if the bug is a security vulnerability**
For all security related issues, RIF Wallet has two main points of contact. Reach us at <security@rootstocklabs.com> or refer to our [Bug Bounty Program](https://www.rootstocklabs.com/bug-bounty-program). **Do not open up a GitHub issue if the bug is a security vulnerability**

**Ensure the bug was not already reported** by searching on GitHub under [Issues](https://github.com/rsksmart/rif-wallet-libs/issues).

## Vulnerability Handling

### Response Time

RSK will make a best effort to meet the following response times for reported vulnerabilities:
RootstockLabs will make a best effort to meet the following response times for reported vulnerabilities:

* Time to first response (from report submit) - 24 hours
* Time to triage (from report submit) - 2 business days
* Time to first response (from report submit) - 5 business days
* Time to triage (from report submit) - 7 business days
* Time to bounty (from triage) - 15 business days

We’ll try to keep you informed about our progress throughout the process.
Expand All @@ -25,7 +25,7 @@ We’ll try to keep you informed about our progress throughout the process.
* Follow HackerOne's [disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).
* Public disclosure of a vulnerability makes it ineligible for a bounty.

For more information check RSK bounty program policy at [HackerOne](https://hackerone.com/iovlabs)
For more information check RootstockLabs bounty program policy at [HackerOne](https://hackerone.com/rootstocklabs)

## Public Keys

Expand Down

0 comments on commit d2a8375

Please sign in to comment.