SECURITY.md
115 lines
| 1 | <!-- |
| 2 | This policy was created using the HackerOne Policy Builder: |
| 3 | https://hackerone.com/policy-builder/ |
| 4 | --> |
| 5 | |
| 6 | # Vulnerability Disclosure Policy |
| 7 | |
| 8 | Keeping user information safe and secure is a top priority, and we welcome the |
| 9 | contribution of external security researchers. |
| 10 | |
| 11 | ## Scope |
| 12 | |
| 13 | If you believe you've found a security issue in software that is maintained in |
| 14 | this repository, we encourage you to notify us. |
| 15 | |
| 16 | | Version | In scope | Source code | |
| 17 | | :-----: | :------: | :---------- | |
| 18 | | latest | � |
| 19 | | https://github.com/ramsey/collection | |
| 20 | |
| 21 | ## How to Submit a Report |
| 22 | |
| 23 | To submit a vulnerability report, please contact us at <security@ramsey.dev>. |
| 24 | Your submission will be reviewed and validated by a member of our team. |
| 25 | |
| 26 | ## Safe Harbor |
| 27 | |
| 28 | We support safe harbor for security researchers who: |
| 29 | |
| 30 | * Make a good faith effort to avoid privacy violations, destruction of data, and |
| 31 | interruption or degradation of our services. |
| 32 | * Only interact with accounts you own or with explicit permission of the account |
| 33 | holder. If you do encounter Personally Identifiable Information (PII) contact |
| 34 | us immediately, do not proceed with access, and immediately purge any local |
| 35 | information. |
| 36 | * Provide us with a reasonable amount of time to resolve vulnerabilities prior |
| 37 | to any disclosure to the public or a third-party. |
| 38 | |
| 39 | We will consider activities conducted consistent with this policy to constitute |
| 40 | "authorized" conduct and will not pursue civil action or initiate a complaint to |
| 41 | law enforcement. We will help to the extent we can if legal action is initiated |
| 42 | by a third party against you. |
| 43 | |
| 44 | Please submit a report to us before engaging in conduct that may be inconsistent |
| 45 | with or unaddressed by this policy. |
| 46 | |
| 47 | ## Preferences |
| 48 | |
| 49 | * Please provide detailed reports with reproducible steps and a clearly defined |
| 50 | impact. |
| 51 | * Include the version number of the vulnerable package in your report |
| 52 | * Social engineering (e.g. phishing, vishing, smishing) is prohibited. |
| 53 | |
| 54 | ## Encryption Key for security@ramsey.dev |
| 55 | |
| 56 | For increased privacy when reporting sensitive issues, you may encrypt your |
| 57 | messages using the following key: |
| 58 | |
| 59 | ``` |
| 60 | -----BEGIN PGP PUBLIC KEY BLOCK----- |
| 61 | |
| 62 | mQINBF+Z9gEBEACbT/pIx8RR0K18t8Z2rDnmEV44YdT7HNsMdq+D6SAlx8UUb6AU |
| 63 | jGIbV9dgBgGNtOLU1pxloaJwL9bWIRbj+X/Qb2WNIP//Vz1Y40ox1dSpfCUrizXx |
| 64 | kb4p58Xml0PsB8dg3b4RDUgKwGC37ne5xmDnigyJPbiB2XJ6Xc46oPCjh86XROTK |
| 65 | wEBB2lY67ClBlSlvC2V9KmbTboRQkLdQDhOaUosMb99zRb0EWqDLaFkZVjY5HI7i |
| 66 | 0pTveE6dI12NfHhTwKjZ5pUiAZQGlKA6J1dMjY2unxHZkQj5MlMfrLSyJHZxccdJ |
| 67 | xD94T6OTcTHt/XmMpI2AObpewZDdChDQmcYDZXGfAhFoJmbvXsmLMGXKgzKoZ/ls |
| 68 | RmLsQhh7+/r8E+Pn5r+A6Hh4uAc14ApyEP0ckKeIXw1C6pepHM4E8TEXVr/IA6K/ |
| 69 | z6jlHORixIFX7iNOnfHh+qwOgZw40D6JnBfEzjFi+T2Cy+JzN2uy7I8UnecTMGo3 |
| 70 | 5t6astPy6xcH6kZYzFTV7XERR6LIIVyLAiMFd8kF5MbJ8N5ElRFsFHPW+82N2HDX |
| 71 | c60iSaTB85k6R6xd8JIKDiaKE4sSuw2wHFCKq33d/GamYezp1wO+bVUQg88efljC |
| 72 | 2JNFyD+vl30josqhw1HcmbE1TP3DlYeIL5jQOlxCMsgai6JtTfHFM/5MYwARAQAB |
| 73 | tBNzZWN1cml0eUByYW1zZXkuZGV2iQJUBBMBCAA+FiEE4drPD+/ofZ570fAYq0bv |
| 74 | vXQCywIFAl+Z9gECGwMFCQeGH4AFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ |
| 75 | q0bvvXQCywIkEA//Qcwv8MtTCy01LHZd9c7VslwhNdXQDYymcTyjcYw8x7O22m4B |
| 76 | 3hXE6vqAplFhVxxkqXB2ef0tQuzxhPHNJgkCE4Wq4i+V6qGpaSVHQT2W6DN/NIhL |
| 77 | vS8OdScc6zddmIbIkSrzVVAtjwehFNEIrX3DnbbbK+Iku7vsKT5EclOluIsjlYoX |
| 78 | goW8IeReyDBqOe2H3hoCGw6EA0D/NYV2bJnfy53rXVIyarsXXeOLp7eNEH6Td7aW |
| 79 | PVSrMZJe1t+knrEGnEdrXWzlg4lCJJCtemGv+pKBUomnyISXSdqyoRCCzvQjqyig |
| 80 | 2kRebUX8BXPW33p4OXPj9sIboUOjZwormWwqqbFMO+J4TiVCUoEoheI7emPFRcNN |
| 81 | QtPJrjbY1++OznBc0GRpfeUkGoU1cbRl1bnepnFIZMTDLkrVW6I1Y4q8ZVwX3BkE |
| 82 | N81ctFrRpHBlU36EdHvjPQmGtuiL77Qq3fWmMv7yTvK1wHJAXfEb0ZJWHZCbck3w |
| 83 | l0CVq0Z+UUAOM8Rp1N0N8m92xtapav0qCFU9qzf2J5qX6GRmWv+d29wPgFHzDWBm |
| 84 | nnrYYIA4wJLx00U6SMcVBSnNe91B+RfGY5XQhbWPjQQecOGCSDsxaFAq2MeOVJyZ |
| 85 | bIjLYfG9GxoLKr5R7oLRJvZI4nKKBc1Kci/crZbdiSdQhSQGlDz88F1OHeCIdQQQ |
| 86 | EQgAHRYhBOhdAxHd+lus86YQ57Atl5icjAcbBQJfmfdIAAoJELAtl5icjAcbFVcA |
| 87 | /1LqB3ZjsnXDAvvAXZVjSPqofSlpMLeRQP6IM/A9Odq0AQCZrtZc1knOMGEcjppK |
| 88 | Rk+sy/R0Mshy8TDuaZIRgh2Ux7kCDQRfmfYBARAAmchKzzVz7IaEq7PnZDb3szQs |
| 89 | T/+E9F3m39yOpV4fEB1YzObonFakXNT7Gw2tZEx0eitUMqQ/13jjfu3UdzlKl2bR |
| 90 | qA8LrSQRhB+PTC9A1XvwxCUYhhjGiLzJ9CZL6hBQB43qHOmE9XJPme90geLsF+gK |
| 91 | u39Waj1SNWzwGg+Gy1Gl5f2AJoDTxznreCuFGj+Vfaczt/hlfgqpOdb9jsmdoE7t |
| 92 | 3DSWppA9dRHWwQSgE6J28rR4QySBcqyXS6IMykqaJn7Z26yNIaITLnHCZOSY8zhP |
| 93 | ha7GFsN549EOCgECbrnPt9dmI2+hQE0RO0e7SOBNsIf5sz/i7urhwuj0CbOqhjc2 |
| 94 | X1AEVNFCVcb6HPi/AWefdFCRu0gaWQxn5g+9nkq5slEgvzCCiKYzaBIcr8qR6Hb4 |
| 95 | FaOPVPxO8vndRouq57Ws8XpAwbPttioFuCqF4u9K+tK/8e2/R8QgRYJsE3Cz/Fu8 |
| 96 | +pZFpMnqbDEbK3DL3ss+1ed1sky+mDV8qXXeI33XW5hMFnk1JWshUjHNlQmE6ftC |
| 97 | U0xSTMVUtwJhzH2zDp8lEdu7qi3EsNULOl68ozDr6soWAvCbHPeTdTOnFySGCleG |
| 98 | /3TonsoZJs/sSPPJnxFQ1DtgQL6EbhIwa0ZwU4eKYVHZ9tjxuMX3teFzRvOrJjgs |
| 99 | +ywGlsIURtEckT5Y6nMAEQEAAYkCPAQYAQgAJhYhBOHazw/v6H2ee9HwGKtG7710 |
| 100 | AssCBQJfmfYBAhsMBQkHhh+AAAoJEKtG7710AssC8NcP/iDAcy1aZFvkA0EbZ85p |
| 101 | i7/+ywtE/1wF4U4/9OuLcoskqGGnl1pJNPooMOSBCfreoTB8HimT0Fln0CoaOm4Q |
| 102 | pScNq39JXmf4VxauqUJVARByP6zUfgYarqoaZNeuFF0S4AZJ2HhGzaQPjDz1uKVM |
| 103 | PE6tQSgQkFzdZ9AtRA4vElTH6yRAgmepUsOihk0b0gUtVnwtRYZ8e0Qt3ie97a73 |
| 104 | DxLgAgedFRUbLRYiT0vNaYbainBsLWKpN/T8odwIg/smP0Khjp/ckV60cZTdBiPR |
| 105 | szBTPJESMUTu0VPntc4gWwGsmhZJg/Tt/qP08XYo3VxNYBegyuWwNR66zDWvwvGH |
| 106 | muMv5UchuDxp6Rt3JkIO4voMT1JSjWy9p8krkPEE4V6PxAagLjdZSkt92wVLiK5x |
| 107 | y5gNrtPhU45YdRAKHr36OvJBJQ42CDaZ6nzrzghcIp9CZ7ANHrI+QLRM/csz+AGA |
| 108 | szSp6S4mc1lnxxfbOhPPpebZPn0nIAXoZnnoVKdrxBVedPQHT59ZFvKTQ9Fs7gd3 |
| 109 | sYNuc7tJGFGC2CxBH4ANDpOQkc5q9JJ1HSGrXU3juxIiRgfA26Q22S9c71dXjElw |
| 110 | Ri584QH+bL6kkYmm8xpKF6TVwhwu5xx/jBPrbWqFrtbvLNrnfPoapTihBfdIhkT6 |
| 111 | nmgawbBHA02D5xEqB5SU3WJu |
| 112 | =eJNx |
| 113 | -----END PGP PUBLIC KEY BLOCK----- |
| 114 | ``` |
| 115 |