---
hidden: true
ignoresearch: true
---
Because no system is entirely free of security issues, it's important to provide ways for external users to offer input and report vulnerabilities.

**Do you have an easily discoverable way for external researchers to report security vulnerabilities in your systems?**
{{<c/choices app_vuln_report_way >}}
    * (yes) Yes, we have a published security email contact, or we provide another way for users to report security issues. Incoming reports are reviewed and triaged promptly.
    * (no) No, we do not currently offer a way to report security vulnerabilities for priority handling.
{{</c/choices>}}


{{<c/show `{app_vuln_report_way} == 'no'`>}}
{{<c/hidden warn_app_vuln_report_way_no `No external security contact published`>}}
{{%notice warning%}}
**Warning — possible medium-risk issue**\
\
Make it easy for others to let you know about security issues in your products. That way you'll learn about vulnerabilities earlier and can respond to them quickly. Also, without an easy way to report issues directly to you, external researchers might publish issues widely instead.
\
\
If you have compensating controls in place or feel that this issue does not constitute a risk in your specific circumstances, please explain below. If you're working to address this issue, include an estimate of when it will be resolved:
{{<c/text "app_vuln_report_way_countermeasures*" multi >}}
Lorem placeholder
{{</c/text>}}
{{%/notice%}}
{{</c/show>}}