mirror of
https://github.com/Combodo/iTop.git
synced 2026-02-13 07:24:13 +01:00
37 lines
1.5 KiB
Markdown
# 🔒 Reporting vulnerabilities

We take all security bugs seriously. Thank you for improving the security of iTop! We appreciate your efforts and
responsible disclosure and will make every effort to acknowledge your contributions.

## ✉️ How to report

### iTop vulnerabilities

Please send a procedure to reproduce iTop vulnerabilities to [itop-security@combodo.com](mailto:itop-security@combodo.com).

You can send us a standard "given / then / when" report, including iTop version, impacts, and maybe installed modules or data if they are
needed to reproduce.

### Dependencies vulnerabilities

Report security bugs in third-party modules to the person or team maintaining the module, and notify us of this report by sending an email
to [itop-security@combodo.com](mailto:itop-security@combodo.com).

## 📆 Disclosure Policy

Reports sent to us will be acknowledged within the week.

Then, a Combodo developer will be assigned to the reported issue and will:

* confirm the problem and determine the affected iTop versions
* audit the code to search for any potential similar problems
* try to find a workaround if any
* create fixes for all releases still under maintenance
* send you the commit(s) for review
* send you the next version(s) that will contain the fix, and the estimated release dates

Security issues always take precedence over bug fixes and feature work.

The assignee will keep you informed of the resolution progress, and may ask you for additional information or guidance.