File tree Expand file tree Collapse file tree 1 file changed +36
-0
lines changed Expand file tree Collapse file tree 1 file changed +36
-0
lines changed Original file line number Diff line number Diff line change 1+ # libwebauthn Security Policy
2+
3+ Since this project handles very sensitive data, we, the maintainers of
4+ libwebauthn, take security seriously. This policy outlines our intentions for
5+ addressing security issues and practices for security researchers investigating
6+ this project.
7+
8+ ## Submitting Vulnerability Reports
9+
10+ If you have discovered a security vulnerability in this project, please report it
11+ to us privately via the process below.
12+
13+ We use GitHub for private vulnerability disclosure. To report a vulnerability:
14+
15+ 1 . Go to [ Security > Advisories > New draft security advisory] [ new-advisory ] .
16+ 2 . Fill out the report and submit the draft.
17+ 3 . The maintainers will be privately notified about the advisory and get back to
18+ you.
19+
20+ [ new-advisory ] : https://github.com/linux-credentials/libwebauthn/security/advisories/new
21+
22+ ## Expected Response
23+
24+ We aim to acknowledge the receipt of the report as soon as possible and will
25+ work with you. We seek to investigate issues within 30 days.
26+
27+ If the issue is confirmed upon investigation, we will collaborate with you to
28+ remediate the vulnerability. Depending on the severity or developer
29+ availability, we may request more time to remediate the issue before
30+ public disclosure.
31+
32+ # Supported Releases
33+
34+ We only support the latest published release. We may backport patches when
35+ possible to help users running on distributions that package older versions of
36+ our software.
You can’t perform that action at this time.
0 commit comments