From 409f1e00422b00945e4cd2cf3778491caf5490a7 Mon Sep 17 00:00:00 2001 From: Shay Zluf Date: Sun, 12 Jun 2022 17:47:09 +0300 Subject: [PATCH 1/4] Create a security standard file --- SECURITY.md | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..f30b25be8 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,11 @@ +# Security Policy + +## Supported Versions + +[Releases](https://github.com/hats-finance/hats/releases/) contains all available releases. We recommend using the [most recently released version](https://github.com/prysmaticlabs/prysm/releases/latest). + +## Reporting a Vulnerability + +Please see our signed [security.txt](https://github.com/hats-finance/hats/blob/develop/.well-known/security.txt) for preferred encryption and reporting destination. + +**Please do not file a public ticket** mentioning the vulnerability, as doing so could increase the likelihood of the vulnerability being used before a fix has been created, released and installed on the network. From 02584aa99c48e701bbfc78caf03ccf7861750ceb Mon Sep 17 00:00:00 2001 From: Shay Zluf Date: Tue, 21 Jun 2022 11:45:44 +0300 Subject: [PATCH 2/4] added pgp public key --- SECURITY.md | 41 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index f30b25be8..188553be4 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -2,10 +2,47 @@ ## Supported Versions -[Releases](https://github.com/hats-finance/hats/releases/) contains all available releases. We recommend using the [most recently released version](https://github.com/prysmaticlabs/prysm/releases/latest). +[Releases](https://github.com/hats-finance/hats/releases/) contains all available releases. We recommend using the [most recently released version]([https://github.com/prysmaticlabs/prysm/releases/](https://github.com/hats-finance/hats/releases/)latest). ## Reporting a Vulnerability -Please see our signed [security.txt](https://github.com/hats-finance/hats/blob/develop/.well-known/security.txt) for preferred encryption and reporting destination. +Please send vulnerability reports to [security@hats.finance](security@hats.finance) and encrypt sensitive messages using our PGP key. **Please do not file a public ticket** mentioning the vulnerability, as doing so could increase the likelihood of the vulnerability being used before a fix has been created, released and installed on the network. 
+ + +PGP key: + +-----BEGIN PGP PUBLIC KEY BLOCK----- + +xsBNBGDsi/sBCADzbGc9+HYUSpkHsOoGhKPOf9BGuqv0C9FXqYvkYGtI/t6/ +IkmcRGjYkQrrwRt213/Jtg8jiI/R53u2qIuuPQ67mgEReF55wghK2f3WRDqN +RSHkSGfFiAOUvJtSMZ4yPLikip45L2O71hl1YqQLAYKH3N42mJ64/3mWI8bx +fIv9vHF5ivokQ5c32SQYOJ5qbclT6pAYYl6EIc6GoGtWQmtOCk3b8f6bhv16 +E+tXmtWQfnz3jHXUKzQgyvxLo/nHFsH5cdYIp62qXH23BjHECFX+qRMAX12c +zN4H/9gwjhwfO/6T6njwHmE3x8bJ/+RA7YbmBXQHbaltcbBXTTYdPKVhABEB +AAHNHGZlZG9yYSA8ZmVkb3JhQGhhdHMuZmluYW5jZT7CwKsEEwEIAD4WIQSF +V031QnC0+kE1MxadmLrXxXV0MwUCYOyL+wIbAwUJA8JnAAULCQgHAgYVCgkI +CwIEFgIDAQIeAQIXgAAhCRCdmLrXxXV0MxYhBIVXTfVCcLT6QTUzFp2YutfF +dXQzuAEH/0/I4r/9T2bUe+bboGjKNemLcgQ8y6a9KLULfMSectqV3iAKtSIC +a/cEhmQuZo8REKCYa1k5B+Mv2xBz1KM2hfK34aXegGIDPxrTJoG0IlyF+pqd +Xeb9u3wia36o7fNSHxRNKnCTsVQvDxmMPg176874dgKjY3YtTvljv+ihmUtR +SMCQj3NgE2wflhYvQMDbYjqCaIruT+7uLrBlC+LI1QH1Gv3QM58t353YkAxA +NHHuR8V/9HWRvNKC5JHuzKYx3o5cpyjSHseST5C2uikCpCtLtWQQ8kPgteGl +Wj/6SYRzxW9F+GQdbsIk2w2A6reUghR1afgE+nTUhe0WI50QtKLOwE0EYOyL ++wEIANWKDOKi1ebmj6AKHByNN59bN2cwuQvj4whCYCHQRHX22u7JD4C5aSVn +cibX7GOHXJcqUEo0T54tOC6I+IFqIfg/lC+73RyTJ9FAGMoHKA+Fn2oBHNw9 +jweAaopDobFZoTwk72rQASUND4x1Xp9gR0FiDQZOfzpPgAI8Dt5se4X8zcLL +/IlT04dyAY+qOXOoLzNQZDaeg9IBTx2S6kt1NtXHI5+YaGF4EOWiHq/RWI0B +rmDU1+1tWgUfyCrY0iBa9JcmVSfvqNieWX8BY5OBg0jb2Oin4fuE9I34/0U8 +RNkGM8JIMNGHC2/QUlBDSYaAMR1gK/u7OixbOKkTDAIzNiMAEQEAAcLAkwQY +AQgAJhYhBIVXTfVCcLT6QTUzFp2YutfFdXQzBQJg7Iv7AhsMBQkDwmcAACEJ +EJ2YutfFdXQzFiEEhVdN9UJwtPpBNTMWnZi618V1dDP/UQf+OG9y8DmrUSLm +XHsq5ANR4wtmTMUzFGacWIHxCGb/QjNvAh0oCFuyXFkxVCSUPzj/ysXCRhJD +pX9aXua0ezCJ8P4Tr3hs6v0I9Ri+gXfMhx6EGFHEhiVn3HNSJYhB48Omr+i4 +3I+gfv2fqdJICwV4z1DZ4JlCu7B7vOm8ipZxO3SJZNJ62TKOQ5mQULkAQpIG +O+Bqko7LQU6LOTv19X0oMBwRg9LHux/oXbU2xpfwJ5falqcORVPIgYoGnlxa +Sb29PbeEZsiT1Qd81HmxF4Zi5f0YrAU77VYB0QylHTQbIycVoYzZmWK6Q2u8 +DRduxnVscoqNbjycLd8zQ0kbvNg2kw== +=mxsI +-----END PGP PUBLIC KEY BLOCK----- From cb9472b77304cf61322cc42deb2dabfa52acbfdc Mon Sep 17 00:00:00 2001 
From: Shay Zluf Date: Thu, 22 Sep 2022 10:28:05 +0300 Subject: [PATCH 3/4] update --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 188553be4..f1a428be4 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,7 +2,7 @@ ## Supported Versions -[Releases](https://github.com/hats-finance/hats/releases/) contains all available releases. We recommend using the [most recently released version]([https://github.com/prysmaticlabs/prysm/releases/](https://github.com/hats-finance/hats/releases/)latest). +[Releases](https://github.com/hats-finance/hats/releases/) contains all available releases. We recommend using the [most recently released version]([https://github.com/hats-finance/hats/releases/](https://github.com/hats-finance/hats/releases/)latest). ## Reporting a Vulnerability From b88ec2785963b6e870004e79e3d013d0142e5af8 Mon Sep 17 00:00:00 2001 From: Shay Zluf Date: Thu, 22 Sep 2022 10:29:51 +0300 Subject: [PATCH 4/4] Update SECURITY.md --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index f1a428be4..78e684de0 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,7 +2,7 @@ ## Supported Versions -[Releases](https://github.com/hats-finance/hats/releases/) contains all available releases. We recommend using the [most recently released version]([https://github.com/hats-finance/hats/releases/](https://github.com/hats-finance/hats/releases/)latest). +[Releases](https://github.com/hats-finance/hats/releases/) contains all available releases. We recommend using the [most recently released version]([https://github.com/hats-finance/hats/releases/](https://github.com/hats-finance/hats/releases/latest). ## Reporting a Vulnerability
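
Review bot: In PATCH 1/4, the "most recently released version" link under "Supported Versions" points at `https://github.com/prysmaticlabs/prysm/releases/latest`, which is a different project's release page, while the sentence before it links to `hats-finance/hats`. A reader following the security policy to find the supported version lands on the wrong repository; point it at `https://github.com/hats-finance/hats/releases/latest`. The "Reporting a Vulnerability" paragraph also links to a signed `.well-known/security.txt` on `develop`, but this patch creates only `SECURITY.md` (1 file changed), so please confirm that file exists on that branch before this lands, or the only reporting pointer is a dead link.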
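
Review bot: In PATCH 2/4, the PGP public key is added under "PGP key:" as bare armored text with no fingerprint stated next to it, and the reference to the signed security.txt is removed in the same hunk, so a reporter has nothing to check the key against except this file. Please state the full fingerprint in the text and publish the same key through a second channel so the copy here can be compared, and wrap the armored block in a code fence so Markdown rendering cannot reflow its lines or consume the `=mxsI` checksum line. Two link problems in the same hunk: `[security@hats.finance](security@hats.finance)` has no `mailto:` scheme and will resolve as a relative path in the repository, and the rewritten release link `]([https://github.com/prysmaticlabs/prysm/releases/](https://github.com/hats-finance/hats/releases/)latest)` nests one link inside another and still carries the prysm URL.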
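
Review bot: In PATCH 3/4, the changed line swaps the prysm URL text for the hats one but keeps the nested `]([https://...](https://...)latest)` structure introduced in 2/4, so the link is still malformed after this commit, with `latest` sitting outside the inner URL. The subject "update" also says nothing about what was changed or why. Since this and 4/4 each touch the same single line to repair 2/4, consider squashing both into 2/4 with a subject that names the link fix.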
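
Review bot: In PATCH 4/4, the final form of the release link still has unbalanced delimiters: `]([https://github.com/hats-finance/hats/releases/](https://github.com/hats-finance/hats/releases/latest).` opens a parenthesis after `[most recently released version]` that is never closed, and the bracketed URL remains nested inside it. The series therefore ends with the "Supported Versions" link broken. The plain form `[most recently released version](https://github.com/hats-finance/hats/releases/latest)` is what the line needs.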