From 4e9f14fbce05c2da34b7d0dbcafc9c2d1fdf8600 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isabel=20Sch=C3=B6ps=20=28Vitalik=20Buterin=29?= Date: Thu, 7 Sep 2023 00:10:40 +0200 Subject: [PATCH] SECURITY.si --- SECURITY.md | 52 ---------------------------------------------------- SECURITY.si | 6 ++++++ 2 files changed, 6 insertions(+), 52 deletions(-) delete mode 100644 SECURITY.md create mode 100644 SECURITY.si diff --git a/SECURITY.md b/SECURITY.md deleted file mode 100644 index d319b332f..000000000 --- a/SECURITY.md +++ /dev/null @@ -1,52 +0,0 @@ -# Security Policy - -The Solidity team and community take all security bugs in Solidity seriously. -We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions. - -## Scope - -Bugs in the Solidity repository are in scope. -Bugs in third-party dependencies e.g., jsoncpp, boost etc. are not in scope unless they result in a Solidity specific bug. - -Only bugs that have a demonstrable security impact on smart contracts are in scope. -For example, a Solidity program whose optimization is incorrect (e.g., leads to an incorrect output) qualifies as a security bug. -Please note that the [rules][2] of the [Ethereum bounty program][1] have precedence over this security policy. - -## Supported Versions - -As a general rule, only the latest release gets security updates. -Exceptions may be made when the current breaking release is relatively new, e.g. less than three months old. -If you are reporting a bug, please state clearly the Solidity version(s) it affects. - -Example 1: Assuming the current release is `0.6.3` and a security bug has been found in it that affects both `0.5.x` and `0.6.x` trees, we may not only patch `0.6.3` (the bug-fix release numbered `0.6.4`) but `0.5.x` as well (the bug-fix release numbered `0.5.(x+1)`). - -Example 2: Assuming the current release is `0.6.25` and a security bug has been found in it, we may only patch `0.6.25` (in the bug-fix release numbered `0.6.26`) even if the bug affects a previous tree such as `0.5.x`. - -## Reporting a Vulnerability - -To report a vulnerability, please follow the instructions stated in the [Ethereum bounty program][1]. - -In the bug report, please include all details necessary to reproduce the vulnerability such as: - -- Input program that triggers the bug -- Compiler version affected -- Target EVM version -- Framework/IDE if applicable -- EVM execution environment/client if applicable -- Operating system - -Please include steps to reproduce the bug you have found in as much detail as possible. - -Once we have received your bug report, we will try to reproduce it and provide a more detailed response. -Once the reported bug has been successfully reproduced, the Solidity team will work on a fix. - -The Solidity team maintains the following JSON-formatted lists of patched security vulnerabilities: - -- [Summary of known security vulnerabilities][3] -- [List of security vulnerabilities affecting a specific version of the compiler][4]. - - -[1]: https://bounty.ethereum.org/ -[2]: https://bounty.ethereum.org/#rules -[3]: https://docs.soliditylang.org/en/develop/bugs.html -[4]: https://github.com/ethereum/solidity/blob/develop/docs/bugs_by_version.json diff --git a/SECURITY.si b/SECURITY.si new file mode 100644 index 000000000..eb22e180d --- /dev/null +++ b/SECURITY.si @@ -0,0 +1,6 @@ +# Security Policy +Kein kopieren oder klonen wird hart bestraft +(https://bounty.ethereum.org/) +(https://bounty.ethereum.org/#) +(https://docs.soliditylang.org/en/devel) +(https://github.com/ethereum/solidity/blob/develop/docs/)