2fas-browser-extension/SECURITY.md

26 lines
1.2 KiB
Markdown
Raw Permalink Normal View History

2024-08-13 09:48:52 +02:00
# Security
At 2FAS, the security is a top priority. If you encounter a potential security issue please report it following the guidelines below.
## Reporting Security Issues
If you believe you've discovered a security vulnerability in our Browser Extension, please do not post it publicly on GitHub. Instead, contact our security team directly by emailing [security@2fas.com](mailto:security@2fas.com). If possible, please encrypt your message using our PGP key ([here](https://keys.openpgp.org/search?q=security%402fas.com))
To help us address the issue quickly, please include the following information:
- The specific product affected (e.g., iOS app, Android app, Browser Extension, API server, etc.)
- Type of issue (e.g., unauthorized data access, privilege escalation, etc.)
- Detailed steps to reproduce the issue
- Any relevant details about the affected environment (e.g., device model, OS version)
- Potential impact and any proof-of-concept code, if available
You should expect a response within 72 hours. If you don't receive a confirmation, please follow up to ensure we received your report.
## Communication Language
We prefer all communications to be in English.
## Policy
2FAS adheres to the principles of Coordinated Vulnerability Disclosure.