|
| 1 | +## Security and privacy |
| 2 | + |
| 3 | +If you discover potential security issues in the pproject, or believe you may have |
| 4 | +found a security issue, please notify the ByteDance security team through our |
| 5 | +[security center](https://security.bytedance.com/ssrc/) or [vulnerability reporting |
| 6 | +email](mailto:src@bytedance.com). Please do not create public GitHub Issues. |
| 7 | + |
| 8 | +We will assess the vulnerability based on the Common Vulnerability Scoring System |
| 9 | +(CVSS 3.1). The security team will keep you updated on key progress and may request |
| 10 | +further information or guidance from you. You are welcome to contact us via the email |
| 11 | +or website mentioned above to ask questions or discuss disclosure matters. |
| 12 | + |
| 13 | +To protect the security of our customers, ByteDance requests that you do not publish |
| 14 | +or share information regarding the vulnerability iin any public forum, nor publish or |
| 15 | +share data involving users, until the vulnerability has been remediated and our users |
| 16 | +have been notified. Please understand that the time required for remediation depends |
| 17 | +on the severity of the vulnerability and the scope of the impact. |
| 18 | + |
| 19 | +Individuals, companies, and security teams may wish to publish security advisories on |
| 20 | +their own websites or other forums. Please contact us via the email or website |
| 21 | +mentioned above prior to publication to discuss the information that can be disclosed |
| 22 | +and to coordinate the disclosure timeline. |
| 23 | + |
| 24 | +## Bug Bounty Reward |
| 25 | + |
| 26 | +[For the policy of bug bounty reward](https://bytedance.larkoffice.com/docx/ZstQd7bbooDctqxBCAmcFasOngd), if you have any |
| 27 | +questions about the rules, please contact [https://src.bytedance.com/home](https://src.bytedance.com/home) for consultation. |
0 commit comments