|
| 1 | +# Security Policy |
| 2 | + |
| 3 | +## Reporting a Vulnerability |
| 4 | + |
| 5 | +At Kong, we take security issues very seriously. If you believe you have found a |
| 6 | +security vulnerability in our project, we encourage you to disclose it |
| 7 | +responsibly. Please report any potential security vulnerabilities to us by |
| 8 | + |
| 9 | + |
| 10 | +## How to Report |
| 11 | + |
| 12 | +1. **Do not publicly disclose the vulnerability**: Please do not create a GitHub |
| 13 | + issue or post the vulnerability on public forums. Instead, contact us |
| 14 | + |
| 15 | + |
| 16 | +2. **Provide detailed information**: When reporting a vulnerability, please |
| 17 | + include as much information as possible to help us understand and reproduce |
| 18 | + the issue. This may include: |
| 19 | + - Description of the vulnerability |
| 20 | + - Steps to reproduce the issue |
| 21 | + - Potential impact |
| 22 | + - Any relevant logs or screenshots |
| 23 | + |
| 24 | +## What to Expect |
| 25 | + |
| 26 | +- **Acknowledgment**: We will acknowledge receipt of your vulnerability report |
| 27 | + within 48 hours. |
| 28 | +- **Investigation**: Our security team will investigate the report and will keep |
| 29 | + you informed of the progress. We aim to resolve critical vulnerabilities |
| 30 | + within 30 days of confirmation. |
| 31 | +- **Disclosure**: We prefer coordinated disclosure and will work with you to |
| 32 | + schedule the disclosure of the vulnerability in a way that minimizes the risk |
| 33 | + to users. |
| 34 | + |
| 35 | +## Bug Bounty Program |
| 36 | + |
| 37 | +We encourage security researchers to participate in our bug bounty program as |
| 38 | +outlined on the [Kong Vulnerability |
| 39 | +Disclosure](https://konghq.com/compliance/bug-bounty) page. This program |
| 40 | +provides rewards for discovering and reporting security vulnerabilities in |
| 41 | +accordance with our disclosure guidelines. |
| 42 | + |
| 43 | +Thank you for helping to keep ngx_wasm_module secure. |
| 44 | + |
| 45 | +For more information on our security policies and guidelines, please visit the |
| 46 | +[Kong Vulnerability Disclosure](https://konghq.com/compliance/bug-bounty) page. |
| 47 | + |
| 48 | +## Contact |
| 49 | + |
| 50 | +For any questions or further assistance, please contact us at |
| 51 | + |
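Review bot: The sentences at new-file lines 7, 13 and 50 each stop where a contact address is expected ("Please report any potential security vulnerabilities to us by", "Instead, contact us", "please contact us at") and no address is visible in this view, so a reporter reading the file as shown has no private channel to use. Please confirm the address renders in the committed file, and consider stating it once under "Contact" and pointing the other two places at that section. Two smaller points: lines 37-41 and 45-46 link the same Kong Vulnerability Disclosure page in adjacent paragraphs, so the second paragraph could be dropped; and the 30-day target at lines 29-30 covers only critical vulnerabilities, so a sentence on what reporters of lower-severity issues should expect would complete the "What to Expect" section.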