Merge branch 'v4.5.x' of https://github.com/blair2004/NexoPOS-4x into…
… v4.5.x
Blair2004 committed Sep 30, 2021
2 parents 0b75b0c + 1ae4dca commit 5242ac9
Showing 1 changed file with 22 additions and 0 deletions.
22 changes: 22 additions & 0 deletions SECURITY.md
@@ -0,0 +1,22 @@
# Guideline For Reporting Vulnerability
First of all, thank you for taking time to read this. We believe, you're considering sharing what could be a security issue that might affect every installation running NexoPOS 4.x.
We believe in the power of open-source and contributions of it's adherants, that's why regardless of wether your report is proven or not, it's welcome.

# What Can Be Reported ?
Basically, everything that could be a leak, that makes the system's (NexoPOS) security inefficient, anything that can expose the server (files & database) or that makes the system to be used in a manner that is out of the purpose we're aiming.
It can be sensitive information that are accessible without any permission restriction or any error thrown, that might expose the database structure. To ease a quick fix of those major concern, bugs (something that doesn't works as it should)
aren't included on this, unless that bug expose the system.

# Where To Report Those Concerns
Security vulnerabilities should be reported responsibily. We, the developers, should have enough time to either answer to the report and to provide a fix to it. According to the disponibilty and the complexity of the concern,
we might not give an exact hint on when those will be resolved, but as must as possible, we rather don't want those to be disclosed publicly as a vulnerability, unless we haven't taken any action
during a long period (6 months), so that anyone on the community might be aware of those and then either chose to fix or to take any relevant action.

The concern should priorily be reported to `contact@nexopos.com`. We'll usually reply once we receive a report and we'll also share either the commit or the version to test the most recent version with the fix.

# Thank You
If we haven't said that yet, we're really thankful for your consideration. Reporting this shows how much you care about our effort and would like to bring your contribution and that's really appreciated.

Kind Regards.

Blair.
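
Review bot: In "Where To Report Those Concerns", the disclosure terms are too loose for a reporter to act on: "a long period (6 months)" does not say when the clock starts, and "We'll usually reply once we receive a report" gives no acknowledgement window. Suggest stating that the 6 months run from the date the report is received and giving a concrete reply target. The section names only `contact@nexopos.com` and does not say what a report should contain; listing the expected details (for example affected version and reproduction steps) would save a triage round trip. The closing sentence of "What Can Be Reported ?" is split across two lines mid-sentence and mixes the scope with the exclusion of ordinary bugs; two separate sentences would read more clearly. Spelling to fix before merging: "it's adherants", "wether", "responsibily", "disponibilty", "as must as possible", "priorily".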
