Add a security policy

Hey there!

I belong to an open source security research community, and a member (@ready-research) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

Issue Analytics

  • State: closed
  • Created: 2 years ago
  • Reactions: 1
  • Comments: 6 (3 by maintainers)

Top GitHub Comments

1 reaction
JamieSlome commented, Jan 24, 2022

@Cervator - thank you for updating the status of the report.

Thanks for your recommendations for the website, we will definitely take your ideas on board. If you have any things you would really love to see on the platform, I’d love to invite you to create a feature request on our public repository.

With regard to bounties, we reward maintainers because we understand that a maintainer's time is precious, as they could be contributing elsewhere, and we see the fixing of vulnerabilities as an important part of remediating a vulnerability.

Long term, we look to work closely with enterprises that depend so heavily on OSS to fund the security/vulnerability research. We are constantly on the watch for “abuse” behaviors, and without a doubt, they evolve as the platform grows. We have and continue to put various quality measures in place to prevent these abuses.

Let me know if you have any further questions - happy to discuss! ❤️

1 reaction
JamieSlome commented, Jan 21, 2022

Hello @Cervator - thanks for sharing your feedback!

To give some clarity, “Approve” signals to us that you believe the report to be a legitimate security concern against the code base, one that has potential security implications or impact. “Reject” indicates that it is not a security issue (i.e. a bug or some technical issue, which is what it sounds like this case could be).

We are constantly trying to improve the platform to ensure that quality reports are shared with maintainers, to save time for both the maintainer and researcher!

In my opinion, given your feedback here and on the report, I would recommend “Rejecting” the report as it does not appear to be a security concern with impact in your eyes.

Let me know if you have any more questions or feedback, and happy to help! ❤️
