config
5 years ago
core
5 years ago
js
5 years ago
lang
6 years ago
libs
6 years ago
plugins
5 years ago
vendor
5 years ago
.htaccess
6 years ago
LEGALNOTICE
6 years ago
LICENSE
6 years ago
LegacyAutoloader.php
5 years ago
PRIVACY.md
6 years ago
README.md
6 years ago
SECURITY.md
6 years ago
bootstrap.php
6 years ago
console
6 years ago
favicon.ico
6 years ago
index.php
6 years ago
matomo.js
5 years ago
matomo.php
6 years ago
piwik.js
5 years ago
piwik.php
6 years ago
robots.txt
6 years ago
SECURITY.md
24 lines
| 1 | # Reporting Security Issues |
| 2 | |
| 3 | ## Security Bug Bounty Program |
| 4 | |
| 5 | The Matomo Security Bug Bounty Program is designed to encourage security research in Matomo software and to reward those who help us create the safest web analytics platform. The bounty for valid critical security bugs is a **$777** (US) cash reward. The bounty for non-critical bugs is **$333** (US), paid via Paypal. |
| 6 | |
| 7 | |
| 8 | ## Responsible disclosure by email |
| 9 | |
| 10 | |
| 11 | We encourage you to responsibly report issues via our [](https://hackerone.com/matomoMatomo Bug Bounty Program on HackerOne](https://hackerone.com/matomo](https://hackerone.com/matomo) or you can also |
| 12 | [](mailto:security@matomo.org?subject=Reporting%20Vulnerability%20in%20Matomoemail us at security@matomo.org](mailto:security@matomo.org?subject=Reporting%20Vulnerability%20in%20Matomo](mailto:security@matomo.org?subject=Reporting%20Vulnerability%20in%20Matomo). |
| 13 | |
| 14 | If you have found a security issue in Matomo please read [](https://matomo.org/security/our security notes](https://matomo.org/security/](https://matomo.org/security/) regarding responsible disclosures. |
| 15 | |
| 16 | |
| 17 | ## Improve your Matomo Server Security |
| 18 | |
| 19 | [](https://matomo.org/docs/security/Secure Matomo server](https://matomo.org/docs/security/](https://matomo.org/docs/security/): follow these steps to keep your Matomo data safe. |
| 20 | |
| 21 | ## Security announcements |
| 22 | |
| 23 | Please subscribe to [](https://matomo.org/changelog/the Changelog](https://matomo.org/changelog/](https://matomo.org/changelog/) ([](https://matomo.org/changelog/feed/rss feed](https://matomo.org/changelog/feed/](https://matomo.org/changelog/feed/)) to be notified of new releases (including security releases). |
| 24 |