Skip to content

Latest commit

 

History

History
19 lines (14 loc) · 1018 Bytes

SECURITY.md

File metadata and controls

19 lines (14 loc) · 1018 Bytes

Tutor Ethical Vulnerability Disclosure Policy

Reporting a Vulnerability

To ensure the health of the codebase and the larger Open edX and Tutor communities, please do not create GitHub issues for a security vulnerability. Report any security vulnerabilities or concerns by sending an email to security.tutor@edly.io. To ensure a timely triage and fix of the security issue, include as many details you can when reporting the vulnerability. Some pieces of information to consider:

  • The nature of the vulnerability, e.g.
    • Authentication and Authorization
    • Data Integrity and Confidentiality
    • Security Configurations
    • Third-party dependencies
  • The impact of the security risk
  • A detailed description of the steps necessary to reproduce the issue
  • The links to the vulnerable code
  • The links to third-party libraries/packages if the vulnerability is present in such a dependency.

Bug Bounty

Edly/Tutor does not offer a bug bounty for reported vulnerabilities.