From 12dc4dd967fe822d41dbc2f75b42b32b6587e784 Mon Sep 17 00:00:00 2001 From: pochoclin Date: Wed, 17 Sep 2025 10:42:30 -0400 Subject: [PATCH] chore(github): add `SECURITY.md` (#3132) --- SECURITY.md | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..dfdd8dbbf --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,40 @@ +# Security Policy + +Popcorn Time takes the security seriously. + +If you believe you have found a security vulnerability in this repository, please report it responsibly. + +--- + +## Reporting a Vulnerability + +> [!CAUTION] +> Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests. + +- Use [private vulnerability reporting on GitHub](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability) to submit directly. +- Alternatively, email us at **hello@popcorntime.app**. + +--- + +## Scope + +- Vulnerabilities in this repository and related Popcorn Time open-source code. +- Popcorn Time apps and services operated under the official `popcorntime.app` domain. + +--- + +## Rewards + +For severe vulnerabilities we may offer rewards as a token of appreciation, depending on impact and severity. While we cannot guarantee payouts for all reports, critical findings will be prioritized. + +--- + +## Responsible Disclosure + +- Do not publicly disclose vulnerabilities until we have confirmed and addressed the issue. +- We will work with you to verify the finding, assess severity, and publish a fix as quickly as possible. +- Credit will be given to reporters who wish to be acknowledged. + +--- + +Thanks for helping make Popcorn Time safer for everyone.
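Review bot: The "Responsible Disclosure" section asks reporters not to disclose "until we have confirmed and addressed the issue", but nothing in the file commits the project to an acknowledgement or fix timeline, so the embargo is open-ended from the reporter's side. Suggest stating how soon a report will be acknowledged and a target window after which coordinated disclosure can proceed. In "Reporting a Vulnerability", the email fallback is `hello@popcorntime.app` with no encryption key or fingerprint offered; either say that GitHub private reporting is the preferred channel for sensitive details or publish a key alongside the address. The "Scope" section lists what is in scope but not what is out of scope or which versions are supported, which reporters usually need before testing apps and services under `popcorntime.app`. Minor wording: "Popcorn Time takes the security seriously." should read "takes security seriously."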