[elgamal-registry] Add security txt for elgamal-registry and add SECURITY.md #337

Merged
merged 4 commits into from
Mar 28, 2025

samkim-crypto
Contributor

@samkim-crypto samkim-crypto commented Mar 27, 2025

Problem

There is no security-txt in the elgamal registry program yet.

Summary of Changes

This is analogous to solana-program/record#52. I added security-txt and also SECURITY.md for the repo.

@samkim-crypto samkim-crypto marked this pull request as ready for review March 28, 2025 04:24
@samkim-crypto samkim-crypto requested a review from joncinque March 28, 2025 04:24
Contributor

@joncinque joncinque left a comment

Thanks for taking care of this!

If you haven't done so already, please **enable two-factor auth** in your GitHub account.

Expect a response as fast as possible in the advisory, typically within 72 hours.

Contributor

Since token-2022 should definitely be eligible for bug bounties, let's add the part about bounties:

## Security Bug Bounties
The Solana Foundation offer bounties for critical security issues. Please
see the [Agave Security Bug
Bounties](https://github.com/anza-xyz/agave/security/policy#security-bug-bounties)
for details on classes of bugs and payment amounts.

## Scope

Only the `spl-token-2022` program is included in the bounty scope, at [program](https://github.com/solana-program/token-2022/tree/master/program).

If you discover a critical security issue in an out-of-scope component, your finding
may still be valuable.

@samkim-crypto
Contributor Author

Oh shoot, sorry I just copied and pasted from record and forgot to update it for token 🙏 ...

Contributor

@joncinque joncinque left a comment

Looks great!

@samkim-crypto samkim-crypto merged commit 7aa7a4d into solana-program:main Mar 28, 2025
19 checks passed