From 459a8ec895070f7c3a181bd7c74c80e058db46f2 Mon Sep 17 00:00:00 2001 From: gmachnio Date: Fri, 30 Aug 2024 01:00:12 +0200 Subject: [PATCH] Create SECURITY.md --- SECURITY.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..3f491cb5 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,25 @@ +# Security + +At 2FAS, the security is a top priority. If you encounter a potential security issue please report it following the guidelines below. + +## Reporting Security Issues + +If you believe you've discovered a security vulnerability in iOS mobile application, please do not post it publicly on GitHub. Instead, contact our security team directly by emailing security@2fas.com. If possible, please encrypt your message using our PGP key ([here](https://keys.openpgp.org/search?q=security%402fas.com)) + +To help us address the issue quickly, please include the following information: + +- The specific product affected (e.g., iOS app, Android app, Browser Extension, API server, etc.) +- Type of issue (e.g., unauthorized data access, privilege escalation, etc.) +- Detailed steps to reproduce the issue +- Any relevant details about the affected environment (e.g., device model, OS version) +- Potential impact and any proof-of-concept code, if available + +You should expect a response within 72 hours. If you don't receive a confirmation, please follow up to ensure we received your report. + +## Communication Language + +We prefer all communications to be in English. + +## Policy + +2FAS adheres to the principles of Coordinated Vulnerability Disclosure.