badges/shields
1
0
Fork 0
mirror of https://github.com/badges/shields.git synced 2025-04-17 08:37:04 +03:00
Code

update security policy: clarify we don't pay bounties (#10934)

Browse Source
This commit is contained in:
chris48s 2025-03-08 18:19:50 +00:00 committed by GitHub
parent 7d7ec20ae0
commit 309b0fe33f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
SECURITY.md
View File

@ -23,3 +23,7 @@ Report security bugs in third-party modules to the person or team maintaining th
We aim to patch confirmed vulnerabilities within 90 days or less, disclosing the details of those vulnerabilities when a patch is published. We ask that you refrain from sharing your report with others while we work on our patch.
We may want to coordinate an advisory with you to be published simultaneously with the patch, but you are also welcome to self-disclose after 90 days if you prefer. We will never publish information about you or our communications with you without your permission.
## Bounties
Everyone who works on shields is an unpaid volunteer. That includes the core team, contributors and people who report security vulnerabilities. This means we are unable to offer bug or security bounties.