Vulnerability Disclosure Policy

Sep 21, 2021

Dec 20, 2023

2 minutes

codereviewn3nxsecurity

At N3N, we prioritize the security of our software and systems. We appreciate the efforts of security researchers and the broader community in helping us identify and address vulnerabilities. This Vulnerability Disclosure Policy outlines the guidelines for reporting potential security issues in our projects.

Reporting a Vulnerability

If you discover a security vulnerability in any N3N project, we encourage you to responsibly disclose it to us. Please follow these steps:

1. Email: Send an email to security@n3n.org with the subject line "Security Vulnerability Report - [Project Name]."
2. Details: Provide a detailed description of the vulnerability, including the steps to reproduce it. A template is provided for you in REPORTING.md.
3. Contact Information: Include your contact information for further communication.

Guidelines for Responsible Disclosure

1. Provide Sufficient Information: When reporting a vulnerability, include enough information for our team to understand the issue and reproduce it. This may include steps, proof-of-concept code, or screenshots.

2. Act in Good Faith: We appreciate researchers who discover and report vulnerabilities responsibly. Follow ethical guidelines and act in good faith during the disclosure process.

3. Respect User Privacy: Do not attempt to access or disclose sensitive user data. Focus on demonstrating the vulnerability's impact on the security of the system.

4. Give Us Time to Respond: Allow a reasonable amount of time for our team to investigate and address the reported vulnerability before making it public.

What You Can Expect

1. Acknowledgment: Upon receiving your report, we will acknowledge its receipt and provide an initial assessment of the issue.

2. Communication: We will maintain open communication throughout the remediation process, keeping you informed of our progress and any necessary steps.

3. Credit: If you wish to be publicly credited for discovering and responsibly reporting a vulnerability, we will acknowledge your contribution when publicly disclosing the fix.

4. Resolution: Our team will work diligently to address and remediate the reported vulnerability. Once resolved, we will release updates or patches as necessary.

Legal Safe Harbor

We commit to not pursue legal action against individuals who report vulnerabilities responsibly in accordance with this policy. We appreciate the time and effort invested in helping us maintain a secure environment.

Thank you for your commitment to making the digital world safer. Your contributions are invaluable in enhancing the security of our projects and the broader open-source community.