Mirror/SECURITY.md

# Security Policy

## Supported Versions

Mirror & Mirror LTS are both supported for security fixes.

## Reporting a Vulnerability
Please contact security [at] mirror-networking.com to report a vulnerability.
You can also contact us in [our Discord](https://discord.gg/N9QVxbM) for faster replies.

You can expect a reply within 24-48 hours.
We will keep you updated on our steps to mitigate issues every 2-4 weeks.

Depending on the severity of the exploit, we offer a $50 - $500 bug bounty.

**Specifically we are looking for:**
* Ways to crash a Mirror server.
* Ways to exploit a Mirror server.
* Ways to leave a Mirror server in undefined state.

We are **not** looking for DOS/DDOS attacks, as those are expected to be handled by the hosting infrastructure.
Create SECURITY.md 2023-01-25 12:16:57 +00:00			`# Security Policy`

			`## Supported Versions`

			`Mirror & Mirror LTS are both supported for security fixes.`

			`## Reporting a Vulnerability`
			`Please contact security [at] mirror-networking.com to report a vulnerability.`
			`You can also contact us in [our Discord](https://discord.gg/N9QVxbM) for faster replies.`

			`You can expect a reply within 24-48 hours.`
			`We will keep you updated on our steps to mitigate issues every 2-4 weeks.`

			`Depending on the severity of the exploit, we offer a $50 - $500 bug bounty.`

			`Specifically we are looking for:`
			`* Ways to crash a Mirror server.`
			`* Ways to exploit a Mirror server.`
			`* Ways to leave a Mirror server in undefined state.`

			`We are not looking for DOS/DDOS attacks, as those are expected to be handled by the hosting infrastructure.`