mirror of
https://github.com/twofas/2fas-android.git
synced 2024-11-21 17:59:50 +01:00
Add SECURITY.md
This commit is contained in:
parent
db17645a8b
commit
78cb15e6f8
25
SECURITY.md
Normal file
25
SECURITY.md
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
# Security
|
||||||
|
|
||||||
|
At 2FAS, the security is a top priority. If you encounter a potential security issue please report it following the guidelines below.
|
||||||
|
|
||||||
|
## Reporting Security Issues
|
||||||
|
|
||||||
|
If you believe you've discovered a security vulnerability in Android mobile application, please do not post it publicly on GitHub. Instead, contact our security team directly by emailing security@2fas.com. If possible, please encrypt your message using our PGP key ([here](https://keys.openpgp.org/search?q=security%402fas.com))
|
||||||
|
|
||||||
|
To help us address the issue quickly, please include the following information:
|
||||||
|
|
||||||
|
- The specific product affected (e.g., iOS app, Android app, Browser Extension, API server, etc.)
|
||||||
|
- Type of issue (e.g., unauthorized data access, privilege escalation, etc.)
|
||||||
|
- Detailed steps to reproduce the issue
|
||||||
|
- Any relevant details about the affected environment (e.g., device model, OS version)
|
||||||
|
- Potential impact and any proof-of-concept code, if available
|
||||||
|
|
||||||
|
You should expect a response within 72 hours. If you don't receive a confirmation, please follow up to ensure we received your report.
|
||||||
|
|
||||||
|
## Communication Language
|
||||||
|
|
||||||
|
We prefer all communications to be in English.
|
||||||
|
|
||||||
|
## Policy
|
||||||
|
|
||||||
|
2FAS adheres to the principles of Coordinated Vulnerability Disclosure.
|
Loading…
Reference in New Issue
Block a user