Skip to content

Security: bunkerity/bunkerweb

SECURITY.md

Security policy

Even though this project is focused on security, it is still prone to possible vulnerabilities. We consider every security bug as a serious issue and will try our best to address it.

Responsible disclosure

If you have found a security bug, please send us an email at security [@] bunkerity.com (using a ProtonMail if possible) with technical details so we can resolve it as soon as possible.

Here is a non-exhaustive list of issues we consider as high risk :

  • Vulnerability in the code
  • Bypass of a security feature
  • Vulnerability in a third-party dependency
  • Risk in the supply chain

Bounty

To encourage responsible disclosure, we may reward you with a bounty at the sole discretion of the maintainers.

Learn more about advisories related to bunkerity/bunkerweb in the GitHub Advisory Database