mirror of
https://github.com/mdn/webextensions-examples.git
synced 2026-04-16 06:18:35 +02:00
* docs(SECURITY): sync security policy * Apply suggestions from code review Co-authored-by: rebloor <git@sherpa.co.nz> --------- Co-authored-by: rebloor <git@sherpa.co.nz>
26 lines
1.3 KiB
Markdown
# Security Policy

## Overview

This policy applies to MDN's website (`developer.mozilla.org`), backend services, and GitHub repositories in the [`mdn`](https://github.com/mdn) organization. Issues affecting other Mozilla products or services should be reported through the [Mozilla Security Bug Bounty Program](https://www.mozilla.org/en-US/security/bug-bounty/).

For non-security issues, please file a [content bug](https://github.com/mdn/content/issues/new/choose), a [website bug](https://github.com/mdn/fred/issues/new/choose), or a [content or feature suggestion](https://github.com/mdn/mdn/issues/new/choose).

## Reporting a Vulnerability

If you discover a potential security issue, please report it privately via <https://hackerone.com/mozilla>.

If you prefer not to use HackerOne, you can report it via <https://bugzilla.mozilla.org/form.web.bounty>.

## Bounty Program

Vulnerabilities in MDN may qualify for Mozilla's Bug Bounty Program. Eligibility and reward amounts are described on <https://hackerone.com/mozilla>.

Please use the vulnerability reporting channels even if you are not interested in a bounty reward.

## Responsible Disclosure

Please do not publicly disclose details until Mozilla's security team and the MDN engineering team have verified and fixed the issue.

We appreciate your efforts to keep MDN and its users safe.