-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
21 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,23 @@ | ||
# Security Policies and Procedures | ||
This document outlines security procedures and general policies for the `mantra-dex` project. | ||
* [Reporting a Bug](#reporting-a-vulnerability) | ||
* [Disclosure Policy](#disclosure-policy) | ||
|
||
todo | ||
## Reporting a Vulnerability | ||
Security is something we take seriously at MANTRA. Thanks for taking the time to improve the security of `mantra-dex`, | ||
we appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions. | ||
|
||
Please report security bugs by sending an email to security@mantrachain.io. Do not report it publicly on the GitHub | ||
issues tracker. Your report should detail the necessary steps to reproduce the security issue. We will acknowledge your | ||
email within 72 hours and send a detailed response indicating the next steps. After the initial reply to your report, | ||
we will keep you informed of the progress towards a fix and full announcement and may ask for additional information | ||
or guidance. | ||
|
||
Report security vulnerabilities in third-party modules to the person or team maintaining the module. | ||
|
||
## Disclosure Policy | ||
If we receive a security bug report, we assign it to a primary handler. This person will coordinate the fix and release | ||
process, involving the following steps: | ||
* Confirm the problem and determine the affected versions. | ||
* Audit code to find any potentially similar problems. | ||
* Rollout the fixes. |