From 20902a715ec79546983058a70dd1c80ef48c5818 Mon Sep 17 00:00:00 2001
From: bobby <1544881+desimone@users.noreply.github.com>
Date: Sun, 23 Jan 2022 17:26:09 -0800
Subject: [PATCH] Update security.md (#2959)

Unfortunately, it looks like all the low-effort security reports we get are coming from this list. Many times, the "researcher" is actually reporting a vulnerability on their own machine (foo.localhost.pomerium.io).

https://github.com/sushiwushi/bug-bounty-dorks/blob/master/dorks.txt#L70
---
 docs/docs/community/security.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/docs/community/security.md b/docs/docs/community/security.md
index 9b5246cc3..401c39d44 100644
--- a/docs/docs/community/security.md
+++ b/docs/docs/community/security.md
@@ -123,9 +123,9 @@ This process can take some time. Every effort will be made to handle the bug in ## Reporting a Security Bug -If you believe you've found a security vulnerability in Pomerium, please notify us; we will work with you to resolve the issue promptly. Thank you for helping to keep Pomerium and our users safe! Though at this time we do not have a paid bug bounty program, we deeply appreciate any effort to discover and disclose security vulnerabilities responsibly. +Please notify us of any potential vulnerability discovered in Pomerium. We will work with you to resolve the issue promptly. Thank you for helping to keep Pomerium and our users safe! Though at this time we do not have a paid bug bounty program, we deeply appreciate any effort to discover and disclose security vulnerabilities responsibly. -All security bugs in Pomerium should be reported by email to security@pomerium.com . Your email will be acknowledged within 48 hours, and you'll receive a more detailed response to your email within 72 hours indicating the next steps in handling your report. +All security bugs in Pomerium should be reported by email to security@pomerium.com . Your email will be acknowledged within 48 hours, and you'll receive a more detailed response to your email within 72 hours indicating the next steps in handling your report. This response policy applies only to Pomerium itself, not to our marketing or docs sites. While researching, we'd like you to refrain from:
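Review bot: the new sentence "This response policy applies only to Pomerium itself, not to our marketing or docs sites." does not address the case the commit message describes, namely reports filed against a researcher's own deployment on a `*.localhost.pomerium.io` host, so those submitters will still read the 48/72-hour commitment as applying to them. Since the hunk's trailing context opens a list ("While researching, we'd like you to refrain from:"), consider adding an explicit scope line there, for example "Reports concerning hosts under localhost.pomerium.io, or any instance you run yourself, are outside the scope of this policy", so the exclusion is stated where the out-of-scope guidance already lives rather than implied by "Pomerium itself". While the line is being rewritten, the stray space in "security@pomerium.com ." could also be dropped.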