|
|
@@ -16,7 +16,7 @@ Administrators are encouraged to adhere to industry best practices concerning th
|
|
|
|
|
|
## Reporting a Suspected Vulnerability
|
|
|
|
|
|
-If you believe you've uncovered a security vulnerability and wish to report it confidentially, you may do so via email. Please note that any reported vulnerabilities **MUST** meet all the following conditions:
|
|
|
+If you believe you've uncovered a security vulnerability and wish to report it confidentially, you may do so by emailing `security@netboxlabs.com`. Please ensure that your report meets all the following conditions:
|
|
|
|
|
|
* Affects the most recent stable release of NetBox, or a current beta release
|
|
|
* Affects a NetBox instance installed and configured per the official documentation
|
|
|
@@ -24,7 +24,7 @@ If you believe you've uncovered a security vulnerability and wish to report it c
|
|
|
|
|
|
Please note that we **DO NOT** accept reports generated by automated tooling which merely suggest that a file or file(s) _may_ be vulnerable under certain conditions, as these are most often innocuous.
|
|
|
|
|
|
-If you believe that you've found a vulnerability which meets all of these conditions, please [submit a draft security advisory](https://github.com/netbox-community/netbox/security/advisories/new) on GitHub. For any security concerns regarding NetBox deployed via Docker, please see the [netbox-docker](https://github.com/netbox-community/netbox-docker) project.
|
|
|
+For any security concerns regarding the community-maintained Docker image for NetBox, please see the [netbox-docker](https://github.com/netbox-community/netbox-docker) project.
|
|
|
|
|
|
### Bug Bounties
|
|
|
|
Jeremy Stretch