This document outlines the security policy and associated procedures for BSidesSF.
The BSidesSF staff takes all vulnerability reports seriously. Thank you for improving the security of BSidesSF. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.
Report any potential security vulnerabilities by emailing security [@] bsidessf.org.
A member of the BSidesSF security team will acknowledge your email as soon as possible, and will send a more detailed response within 48 hours indicating the next steps in handling your report. After the initial reply to your report, the security team will endeavor to keep you informed of the progress towards a fix and announcement (as needed), and may ask for additional information or guidance.
Report security bugs in third-party services to the person or team maintaining the service.
When the security team receives a security bug report, they will assign it to a primary handler. This person will coordinate the issue, involving the following steps:
- Confirm the problem and determine the affected systems.
- Audit code/infrastructure to find any potential similar problems.
- Prepare and/or coordinate fixes for any affected code/infrastructure.
If you have suggestions on how this process could be improved, please email security [@] bsidessf.org.