Commit
Commit 13abd76 (1 parent: 71636c3)
Showing 1 changed file with 28 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
# Security Guidelines for this Project | ||
|
||
## How the Jet Security team manages security for this project | ||
|
||
Jet.com takes security seriously and wants to ensure that we maintain a secure environment for our customers and that we also provide secure solutions for the open source community. To help us achieve these goals, please note the following before using this software: | ||
|
||
- Review the software license to understand Jet's obligations in terms of warranties and suitability for purpose | ||
- For any questions or concerns about security, you can reach out directly to Jet's security team at security@jet.com | ||
- We request that you work with our security team and opt for [responsible disclosure](https://corporate.walmart.com/article/responsible-disclosure-policy) using the guidelines below | ||
- This software repository *is included* in [Jet's public Bug Bounty](https://bugcrowd.com/jet); we reward those who help us keep our code secure (if you do not want to participate in the bug bounty program, you can report directly to us as well) | ||
- We enforce SLAs on our security team and software engineers to remediate security bugs in a timely manner | ||
- All security related issues and pull requests you make should be tagged with "security" for easy identification | ||
- Please monitor this repository and update your environment in a timely manner as we release patches and updates | ||
|
||
## Responsibly Disclosing Security Bugs to Jet | ||
|
||
If you find a security bug in this repository, please work with Jet's security team following responsible disclosure principles and these guidelines: | ||
|
||
- Do not submit a normal issue or pull request in our public repository, instead report through our Bug Bounty or directly to security@jet.com (If you would like to encrypt, please contact us for keys) | ||
- We will review your submission and may follow up for additional details | ||
- If you have a patch, we will review it and approve it privately; once approved for release you can submit it as a pull request publicly in our repos (we give credit where credit is due) | ||
- We will keep you informed during our investigation, feel free to check in for a status update | ||
- We will release the fix and publicly disclose the issue as soon as possible, but want to ensure we do proper due diligence before releasing | ||
- Please do not publicly blog or post about the security issue until after we have updated the public repo so that other downstream users have an opportunity to patch | ||
|
||
## Contact / Misc. | ||
|
||
If you have any questions, please reach out directly to the Jet.com Security team at security@jet.com |
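Review bot: The instruction at line 36 of the new file ("All security related issues and pull requests you make should be tagged with 'security'") conflicts with line 46 ("Do not submit a normal issue or pull request in our public repository"); as written, a reporter could read line 36 as an invitation to open a public issue describing an unpatched bug. Suggest rewording line 36 so the tag applies only to the post-approval pull requests described in line 48, e.g. "Once a fix has been approved for public release, tag the pull request with 'security' for easy identification." Two smaller documentation points in the same hunk: line 35 promises SLAs but states no targets, so consider giving the acknowledgement and remediation windows reporters should expect; and line 46 asks reporters to contact the team to obtain encryption keys, which means the first contact about a sensitive bug goes out in plaintext, so consider publishing the key fingerprint or a link to the public key in this file.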