chore: Create Security Research Policy (#101)

storacha · Jan 24, 2025 · a5e3e7c · a5e3e7c
1 parent 239600f
commit a5e3e7c
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/src/pages/docs/_meta.json b/src/pages/docs/_meta.json
@@ -9,6 +9,7 @@
   "faq": "FAQ",
   "privacy-policy": "Privacy Policy",
   "service-level-agreement": "Service level agreement",
+  "security-research-policy": "Security Research Policy",
   "terms": "Terms of service",
   "specs": {
     "newWindow": true,

diff --git a/src/pages/docs/security-research-policy.md b/src/pages/docs/security-research-policy.md
@@ -0,0 +1,21 @@
+# web3.storage Security Research Policy
+
+## Overview
+Our security research program is private and invitation-only. We do not accept unsolicited vulnerability reports or offer rewards for unrequested security research. 
+
+## Important Notice
+- All security testing must be pre-authorized in writing
+- Unauthorized security testing is prohibited
+- We do not provide bug bounties or rewards for unsolicited findings
+- Unauthorized testing may violate our Terms of Service and applicable laws
+
+## Reporting Security Issues
+1. Do not conduct any further testing
+2. Do not exploit the vulnerability
+3. Contact [email protected]
+4. Wait for explicit written authorization before any further action
+
+## Legal Notice
+Any unauthorized security testing, vulnerability scanning, or penetration testing of our systems is strictly prohibited and may result in legal action. We reserve all rights to pursue appropriate remedies against unauthorized security testing.
+
+Contact: [email protected]