mirror of
https://github.com/bitwarden/browser
synced 2025-12-16 16:23:44 +00:00
upadte security md
This commit is contained in:
Kyle Spearrin
16
SECURITY.md
16
SECURITY.md
@@ -1,4 +1,4 @@
|
|||||||
bitwarden believes that working with security researchers across the globe is crucial to keeping our
|
Bitwarden believes that working with security researchers across the globe is crucial to keeping our
|
||||||
users safe. If you believe you've found a security issue in our product or service, we encourage you to
|
users safe. If you believe you've found a security issue in our product or service, we encourage you to
|
||||||
notify us. We welcome working with you to resolve the issue promptly. Thanks in advance!
|
notify us. We welcome working with you to resolve the issue promptly. Thanks in advance!
|
||||||
|
|
||||||
@@ -16,7 +16,7 @@ notify us. We welcome working with you to resolve the issue promptly. Thanks in
|
|||||||
|
|
||||||
# In-scope
|
# In-scope
|
||||||
|
|
||||||
- Security issues in any current release of bitwarden. This includes the web vault, browser extension,
|
- Security issues in any current release of Bitwarden. This includes the web vault, browser extension,
|
||||||
and mobile apps (iOS and Android). Product downloads are available at https://bitwarden.com. Source
|
and mobile apps (iOS and Android). Product downloads are available at https://bitwarden.com. Source
|
||||||
code is available at https://github.com/bitwarden.
|
code is available at https://github.com/bitwarden.
|
||||||
|
|
||||||
@@ -24,14 +24,14 @@ notify us. We welcome working with you to resolve the issue promptly. Thanks in
|
|||||||
|
|
||||||
The following bug classes are out-of scope:
|
The following bug classes are out-of scope:
|
||||||
|
|
||||||
- Bugs that are already reported on any of bitwarden's issue trackers (https://github.com/bitwarden),
|
- Bugs that are already reported on any of Bitwarden's issue trackers (https://github.com/bitwarden),
|
||||||
or that we already know of. Note that some of our issue tracking is private.
|
or that we already know of. Note that some of our issue tracking is private.
|
||||||
- Issues in an upstream software dependency (ex: Xamarin, ASP.NET) which are already reported to the
|
- Issues in an upstream software dependency (ex: Xamarin, ASP.NET) which are already reported to the
|
||||||
upstream maintainer.
|
upstream maintainer.
|
||||||
- Attacks requiring physical access to a user's device.
|
- Attacks requiring physical access to a user's device.
|
||||||
- Self-XSS
|
- Self-XSS
|
||||||
- Issues related to software or protocols not under bitwarden's control
|
- Issues related to software or protocols not under Bitwarden's control
|
||||||
- Vulnerabilities in outdated versions of bitwarden
|
- Vulnerabilities in outdated versions of Bitwarden
|
||||||
- Missing security best practices that do not directly lead to a vulnerability
|
- Missing security best practices that do not directly lead to a vulnerability
|
||||||
- Issues that do not have any impact on the general public
|
- Issues that do not have any impact on the general public
|
||||||
|
|
||||||
@@ -39,7 +39,7 @@ While researching, we'd like to ask you to refrain from:
|
|||||||
|
|
||||||
- Denial of service
|
- Denial of service
|
||||||
- Spamming
|
- Spamming
|
||||||
- Social engineering (including phishing) of bitwarden staff or contractors
|
- Social engineering (including phishing) of Bitwarden staff or contractors
|
||||||
- Any physical attempts against bitwarden property or data centers
|
- Any physical attempts against Bitwarden property or data centers
|
||||||
|
|
||||||
Thank you for helping keep bitwarden and our users safe!
|
Thank you for helping keep Bitwarden and our users safe!
|
||||||
|
|||||||
Reference in New Issue
Block a user