diff --git a/SECURITY.md b/SECURITY.md index 097dfad3..8b25c541 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,8 +1,7 @@ - +# Security -## Security - -If you believe you have found a security vulnerability in any SecretFlow repository that meets [SecretFlow's definition of a security vulnerability](https://security.alipay.com/announcement.htm?id=1), please report it to us as described below. +If you believe you have found a security vulnerability in any SecretFlow repository that meets +[SecretFlow's definition of a security vulnerability](https://security.alipay.com/announcement.htm?id=1), please report it to us as described below. ## Reporting Security Issues @@ -10,26 +9,23 @@ If you believe you have found a security vulnerability in any SecretFlow reposit Instead, please report them to the ANT GROUP SECURITY Response Center at [https://security.alipay.com/](https://security.alipay.com/). -If you prefer to submit without logging in, send email to [antsrc@alipay.com](mailto:antsrc@alipay.com). +If you prefer to submit without logging in, send email to [antsrc@alipay.com](mailto:antsrc@alipay.com). -You should receive a response within 48 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [https://security.alipay.com/](https://security.alipay.com/). +You should receive a response within 48 hours. If for some reason you do not, please follow up via email to ensure we received your original message. +Additional information can be found at [https://security.alipay.com/](https://security.alipay.com/). Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: - * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) - * Full paths of source file(s) related to the manifestation of the issue - * The location of the affected source code (tag/branch/commit or direct URL) - * Any special configuration required to reproduce the issue - * Step-by-step instructions to reproduce the issue - * Proof-of-concept or exploit code (if possible) - * Impact of the issue, including how an attacker might exploit the issue +* Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) +* Full paths of source file(s) related to the manifestation of the issue +* The location of the affected source code (tag/branch/commit or direct URL) +* Any special configuration required to reproduce the issue +* Step-by-step instructions to reproduce the issue +* Proof-of-concept or exploit code (if possible) +* Impact of the issue, including how an attacker might exploit the issue This information will help us triage your report more quickly. - ## Preferred Languages We prefer all communications to be in Chinese or English. - - -