mirror of https://github.com/rapid7/metasploit-payloads synced 2024-11-26 17:41:08 +01:00
metasploit-payloads/.github/SECURITY.md
William Vu 8e3933bed7 Revert "Undo commit for #441"
This reverts commit 8361d5367a, reversing
changes made to db3d5f0896.
2020-10-11 20:49:06 -05:00

Reporting security issues

Thanks for your interest in making Meterpreter more secure! If you feel that you have found a security issue involving Metasploit, Meterpreter, Recog, or any other Rapid7 open source project, you are welcome to let us know in the way that's most comfortable for you.

Via ZenDesk

You can click on the big blue button at Rapid7's Vulnerability Disclosure page, which will get you to our general vulnerability reporting system. While this does require a (free) ZenDesk account to use, you'll get regular updates on your issue as our software support teams work through it. As it happens, that page will also tell you what to expect when it comes to reporting vulns, how fast we'll fix and respond, and all the rest, so it's a pretty good read regardless.

Via email

If you're more of a traditionalist, you can email your finding to security@rapid7.com. If you like, you can use our PGP key to encrypt your messages, but we certainly don't mind cleartext reports over email.

NOT via GitHub Issues

Please don't! Disclosing security vulnerabilities to public bug trackers is kind of mean, even when it's well-intentioned, since you end up dropping 0-day on pretty much everyone right out of the gate. We'd prefer you didn't!