Create SECURITY.md

2024-11-17 18:40:33 +00:00 · 2023-01-25 13:16:57 +01:00 · 2023-01-25 13:16:57 +01:00 · 3ceadaca40
commit 3ceadaca40
parent 7a9a861821
1 changed files with 21 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+Mirror & Mirror LTS are both supported for security fixes.
+
+## Reporting a Vulnerability
+Please contact security [at] mirror-networking.com to report a vulnerability.
+You can also contact us in [our Discord](https://discord.gg/N9QVxbM) for faster replies.
+
+You can expect a reply within 24-48 hours.
+We will keep you updated on our steps to mitigate issues every 2-4 weeks.
+
+Depending on the severity of the exploit, we offer a $50 - $500 bug bounty.
+
+**Specifically we are looking for:**
+* Ways to crash a Mirror server.
+* Ways to exploit a Mirror server.
+* Ways to leave a Mirror server in undefined state.
+
+We are **not** looking for DOS/DDOS attacks, as those are expected to be handled by the hosting infrastructure.