41 lines
1.4 KiB
Markdown
41 lines
1.4 KiB
Markdown
# Security Policy
|
|
|
|
Popcorn Time takes the security seriously.
|
|
|
|
If you believe you have found a security vulnerability in this repository, please report it responsibly.
|
|
|
|
---
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
> [!CAUTION]
|
|
> Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
|
|
|
|
- Use [private vulnerability reporting on GitHub](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability) to submit directly.
|
|
- Alternatively, email us at **hello@popcorntime.app**.
|
|
|
|
---
|
|
|
|
## Scope
|
|
|
|
- Vulnerabilities in this repository and related Popcorn Time open-source code.
|
|
- Popcorn Time apps and services operated under the official `popcorntime.app` domain.
|
|
|
|
---
|
|
|
|
## Rewards
|
|
|
|
For severe vulnerabilities we may offer rewards as a token of appreciation, depending on impact and severity. While we cannot guarantee payouts for all reports, critical findings will be prioritized.
|
|
|
|
---
|
|
|
|
## Responsible Disclosure
|
|
|
|
- Do not publicly disclose vulnerabilities until we have confirmed and addressed the issue.
|
|
- We will work with you to verify the finding, assess severity, and publish a fix as quickly as possible.
|
|
- Credit will be given to reporters who wish to be acknowledged.
|
|
|
|
---
|
|
|
|
Thanks for helping make Popcorn Time safer for everyone.
|