From df182b373fc49f20188d531494e1bff1a9ad247e Mon Sep 17 00:00:00 2001 From: Rigel Kent Date: Tue, 18 Sep 2018 11:18:51 +0200 Subject: normalize robot.txt and specify test servers as scope of security audits --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'SECURITY.md') diff --git a/SECURITY.md b/SECURITY.md index 37ed19246..5c668a2a3 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -30,7 +30,7 @@ To encourage vulnerability research and to avoid any confusion between good-fait - Avoid violating the privacy of others, disrupting our systems, destroying data, and/or harming user experience. - Use only the Official Channels to discuss vulnerability information with us. - Keep the details of any discovered vulnerabilities confidential until they are fixed, according to the Disclosure Terms in this policy. -- Perform testing only on in-scope systems, and respect systems and activities which are out-of-scope. +- Perform testing only on in-scope systems, and respect systems and activities which are out-of-scope. Systems currently considered in-scope are the official demonstration/test servers provided by the PeerTube development team. - If a vulnerability provides unintended access to data: Limit the amount of data you access to the minimum required for effectively demonstrating a Proof of Concept; and cease testing and submit a report immediately if you encounter any user data during testing, such as Personally Identifiable Information (PII), Personal Healthcare Information (PHI), credit card data, or proprietary information. - You should only interact with test accounts you own or with explicit permission from the account holder. - Do not engage in extortion. -- cgit v1.2.3