# Security Policy
## Reporting a Vulnerability
Security is of the highest importance, and all security vulnerabilities or suspected security vulnerabilities should be reported to Thingsboard privately, to minimize attacks against current users of Thingsboard before they are fixed. Vulnerabilities will be investigated and fixes released as soon as possible.

To report a vulnerability or a security-related issue, please email the private address security@thingsboard.io with the details of the vulnerability.
Emails will be addressed within 3 business days, including a detailed plan to investigate the issue and any potential workarounds to perform in the meantime.
Do not report non-security-impacting bugs through this channel. Use GitHub issues instead.

**Proposed Email Content**
Provide a descriptive subject line and in the body of the email include the following information:

- Basic identity information, such as your name and your affiliation or company.
- Detailed steps to reproduce the vulnerability (POC scripts, screenshots, and compressed packet captures are all helpful to us).
- Description of the effects of the vulnerability on Thingsboard and the related hardware and software configurations, so that the Thingsboard Security Team can reproduce it.
- How the vulnerability affects Thingsboard usage and an estimation of the attack surface, if there is one.
- List other projects or dependencies that were used in conjunction with Thingsboard to produce the vulnerability.