docs: security file (#164)
* 1

* add link to readme
Reecepbcups authored Apr 15, 2024
1 parent f9dc521 commit 32ac0bc
Showing 2 changed files with 31 additions and 0 deletions.
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -2,6 +2,10 @@

The Proof of Authority (PoA) module allows for permissioned networks to be controlled by a predefined set of validators to verify transactions. This implementation extends the Cosmos-SDK's x/staking module to a set of administrators over the chain. These administrators gate keep the chain by whitelisting validators, updating consensus power, and removing validators from the network.

## Security

Our security policy can be found in the [SECURITY.md](./SECURITY.md) file.

## Integration

Since this module depends on x/staking, carefully read through the [Integration Guide](./INTEGRATION.md) to add it to your network. This design choice was made to allow for the PoA module to have backwards compatibility with:
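Review bot: the new "## Security" section only points readers to SECURITY.md; since the policy's first rule is to never open a public issue for a vulnerability, it would be worth repeating that one sentence here, where someone about to file an issue is most likely to read it. The relative link `./SECURITY.md` resolves correctly because both files sit at the repository root, and placing the section ahead of "## Integration" keeps the reporting path visible without disturbing the existing flow.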
27 changes: 27 additions & 0 deletions SECURITY.md
@@ -0,0 +1,27 @@
# Security Policy

The Cosmos ecosystem believes that strong security is a blend of highly technical security researchers who care about security and the forward progression of the ecosystem and the attentiveness and openness of Cosmos core contributors to help continually secure our operations.

> **IMPORTANT**: DO NOT open public issues on this repository for security vulnerabilities.
## Supported Versions

We release patches for security vulnerabilities. Any dependent Cosmos-SDK versions which are still maintained upstream will be supported in this repository. The team will continue to accept patches from the community for legacy and unsupported versions of the software.

## Reporting a Vulnerability

Please report (suspected) security vulnerabilities to
**[[email protected]](mailto:[email protected])**. If the issue is confirmed, we will release a patch as soon
as possible depending on complexity.

# Guidelines

We require that all researchers:
- Abide by this policy to disclose vulnerabilities, and avoid posting vulnerability information in public places, including GitHub, Discord, Telegram, and Twitter.
- Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems (including but not limited to networks using the affected software), and destruction of data.
- Keep any information about vulnerabilities that you’ve discovered confidential between yourself and the engineering team until the issue has been resolved and disclosed.
- Avoid posting personally identifiable information, privately or publicly.

If you follow these guidelines when reporting an issue to us, we commit to:
- Not pursue or support any legal action related to your research on this vulnerability
- Work with you to understand, resolve and ultimately disclose the issue in a timely fashion
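Review bot: heading levels are inconsistent in this file: "# Guidelines" is an H1 while "## Supported Versions" and "## Reporting a Vulnerability" are H2 under the single "# Security Policy" title, so it should read `## Guidelines`. The blockquote `> **IMPORTANT**: ...` is also immediately followed by `## Supported Versions` with no blank line between them; CommonMark terminates the quote at the heading, but a blank line avoids renderer differences and matches the spacing used elsewhere in the file. Two content points: "Supported Versions" names no versions or tags, only the rule that maintained upstream Cosmos-SDK versions are supported, so a short table of module versions against the SDK lines they track would make the commitment checkable; and "Reporting a Vulnerability" gives no expected acknowledgement window or disclosure timeline beyond "as soon as possible depending on complexity", which reporters usually need in order to plan coordinated disclosure.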
