docs: update chatwoot VDP guidelines (#2740)

pull/2747/head
Vishnu Narayanan 3 years ago committed by GitHub
parent 0475060245
commit 9b01b82cc7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -91,7 +91,10 @@ Follow this [link](https://www.chatwoot.com/docs/environment-variables) to under
Please follow [deployment architecture guide](https://www.chatwoot.com/docs/deployment/architecture) to deploy with Docker or Caprover.
---
#### Security
Looking to report a vulnerability? Please refer our [SECURITY.md](./SECURITY.md) file.
---
### Contributors ✨
Thanks goes to all these [wonderful people](https://www.chatwoot.com/docs/contributors):
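Review bot: In the Security section of this hunk, "Please refer our [SECURITY.md]" is missing a preposition; it should read "Please refer to our [SECURITY.md](./SECURITY.md) file." The section also uses a `####` heading while the Contributors section right after it uses `###`, so consider matching the sibling level so the vulnerability-reporting pointer appears at the same depth in the rendered outline.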

@ -1,8 +1,31 @@
# Security Policy
Chatwoot is looking forward to working with security researchers across the world to keep Chatwoot and our users safe. If you have found an issue in our systems/applications, please reach out to us.
## Reporting a Vulnerability
We use [huntr.dev](https://huntr.dev/) for security issues that affect our project. If you believe you have found a vulnerability, please disclose it via this [form](https://huntr.dev/bounties/disclose).
This will enable us to review the vulnerability, fix it promptly, and reward you for your efforts.
If you have any questions about the process, feel free to reach out to hello@chatwoot.com.
If you have any questions about the process, feel free to reach out to security@chatwoot.com.
## Out of scope
Please do not perform testing against Chatwoot production services. Use a self hosted instance to perform tests.
We consider the following to be out of scope, though there may be exceptions.
- Missing HTTP security headers
- Self XSS
- HTTP Host Header XSS without working proof-of-concept
- Incomplete/Missing SPF/DKIM
- Denial of Service attacks
- DNSSEC
- Social Engineering attacks
If you are not sure about the scope, please create a report.
## Thanks
Thank you for keeping Chatwoot and our users safe. 🙇
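Review bot: Under "## Out of scope", the sentence "Please do not perform testing against Chatwoot production services. Use a self hosted instance to perform tests." is a rule for how to test rather than an excluded finding class, and a researcher skimming the bullet list can miss it. Suggest moving it under its own heading ahead of the list, and writing "self-hosted" with a hyphen. The qualifier "though there may be exceptions" gives a reporter nothing to act on; tying it directly to the closing line "If you are not sure about the scope, please create a report." would make the intended path clear.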
