From e454f6c3be5f2e705356f817166172410f603e53 Mon Sep 17 00:00:00 2001 From: Javier C Date: Fri, 29 Nov 2024 14:16:50 +0000 Subject: [PATCH] docs: add security policy --- docs/SECURITY.md | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/docs/SECURITY.md b/docs/SECURITY.md index 2c61ce3..844d8bb 100644 --- a/docs/SECURITY.md +++ b/docs/SECURITY.md @@ -1,3 +1,23 @@ # Security Policies and Procedures +This document outlines security procedures and general policies for the `mantra-dex` project. +* [Reporting a Bug](#reporting-a-vulnerability) +* [Disclosure Policy](#disclosure-policy) -todo +## Reporting a Vulnerability +Security is something we take seriously at MANTRA. Thanks for taking the time to improve the security of `mantra-dex`, +we appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions. + +Please report security bugs by sending an email to security@mantrachain.io. Do not report it publicly on the GitHub +issues tracker. Your report should detail the necessary steps to reproduce the security issue. We will acknowledge your +email within 72 hours and send a detailed response indicating the next steps. After the initial reply to your report, +we will keep you informed of the progress towards a fix and full announcement and may ask for additional information +or guidance. + +Report security vulnerabilities in third-party modules to the person or team maintaining the module. + +## Disclosure Policy +If we receive a security bug report, we assign it to a primary handler. This person will coordinate the fix and release +process, involving the following steps: +* Confirm the problem and determine the affected versions. +* Audit code to find any potentially similar problems. +* Rollout the fixes.
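Review bot: The step list under `## Disclosure Policy` ends at "Rollout the fixes", but the reporting section promises to keep the reporter informed of progress "towards a fix and full announcement", so the process as written never says when or how the issue is disclosed. Consider adding a final step for publishing the advisory and crediting the reporter, so that the section matches its title and the acknowledgement promised in the first paragraph. The only reporting channel listed is plain email to security@mantrachain.io, and the report is expected to contain reproduction steps; if the project can offer a way to send those details encrypted, this is the place to state it. Smaller points in the same hunk: the table-of-contents entry reads `[Reporting a Bug](#reporting-a-vulnerability)` while the heading it links to is "Reporting a Vulnerability", so the label should match the heading; "Rollout the fixes" should be "Roll out the fixes"; and "Thanks for taking the time to improve the security of `mantra-dex`, we appreciate..." is a comma splice that reads better as two sentences.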