From 1d00e18583c0d481d506cbd96f8e8f5a24df7d29 Mon Sep 17 00:00:00 2001 From: dashevchenko Date: Mon, 15 May 2023 17:50:08 +0300 Subject: [PATCH] added security.md --- security.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 security.md diff --git a/security.md b/security.md new file mode 100644 index 0000000000..2f4658997f --- /dev/null +++ b/security.md @@ -0,0 +1,19 @@ +# Security Policy + +## Reporting a Vulnerability + +Security is of the highest importance and all security vulnerabilities or suspected security vulnerabilities should be reported to Thingsbpard privately, +to minimize attacks against current users of Thingsboard before they are fixed. Vulnerabilities will be investigated and release as soon as possible. + +To report a vulnerability or a security-related issue, please email the private address security@thingsboard.io with the details of the vulnerability. +Emails will be addressed within 3 business days, including a detailed plan to investigate the issue and any potential workarounds to perform in the meantime. +Do not report non-security-impacting bugs through this channel. Use GitHub issues instead. + +**Proposed Email Content** +Provide a descriptive subject line and in the body of the email include the following information: + +Basic identity information, such as your name and your affiliation or company. +Detailed steps to reproduce the vulnerability (POC scripts, screenshots, and compressed packet captures are all helpful to us). +Description of the effects of the vulnerability on Thingsboard and the related hardware and software configurations, so that the Thingsboarf Security Team can reproduce it. +How the vulnerability affects Thingsboard usage and an estimation of the attack surface, if there is one. +List other projects or dependencies that were used in conjunction with Thingsboard to produce the vulnerability. \ No newline at end of file
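Review bot: The product name is misspelled twice in the added text, as "Thingsbpard" in the first paragraph under "Reporting a Vulnerability" and as "Thingsboarf Security Team" in the third item of the proposed email content; both should match the "Thingsboard" spelling used in the rest of the file. In the same first paragraph, "Vulnerabilities will be investigated and release as soon as possible" has no subject for "release"; something like "Vulnerabilities will be investigated and fixes released as soon as possible" says what is actually promised. The five items after "Provide a descriptive subject line and in the body of the email include the following information:" carry no list markers, so Markdown will render them as one run-on paragraph; prefix each with "- " and put a blank line after the bold "**Proposed Email Content**" line. The policy asks reporters to send POC scripts and packet captures to security@thingsboard.io but gives no public key or other encrypted channel for that material, so consider adding one. The file also ends without a trailing newline.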