kopia lustrzana https://github.com/snarfed/bridgy-fed
15 wiersze
936 B
Plaintext
15 wiersze
936 B
Plaintext
Contact: mailto:security@brid.gy
|
|
Expires: 2030-01-01T08:00:00.000Z
|
|
Preferred-Languages: en
|
|
Canonical: https://fed.brid.gy/.well-known/security.txt
|
|
Policy: https://fed.brid.gy/docs#vulnerability
|
|
|
|
Thank you for investigating Bridgy Fed's security! We appreciate any and all reports of vulnerabilities. The code is open source (https://github.com/snarfed/bridgy-fed), feel free to try to break in, let us know if you succeed!
|
|
|
|
A few guidelines for your report to qualify for a monetary reward:
|
|
|
|
* Vulnerabilities must be in the application itself, not unrelated services like email (eg SPF/DKIM/DMARC).
|
|
* Out of scope: rate limiting, XSS/CSRF attacks (Bridgy Fed has no authenticated sessions or private data accessible to users).
|
|
* Public user data is intentionally public. That's not a vulnerability.
|
|
* No automated fuzzing, DoSes, or other high volume traffic. We block this traffic, and it will disqualify you from any possible award.
|