wp-plugin-installer/SECURITY.md

## Guidelines

We're committed to working with security researchers to resolve the vulnerabilities they discover. You can help us by following these guidelines:

*   Follow [HackerOne's disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).
*   Pen-testing Production:
    *   Please **setup a local environment** instead whenever possible. Most of our code is open source (see above).
    *   If that's not possible, **limit any data access/modification** to the bare minimum necessary to reproduce a PoC.
    *   **_Don't_ automate form submissions!** That's very annoying for us, because it adds extra work for the volunteers who manage those systems, and reduces the signal/noise ratio in our communication channels.
    *   To be eligible for a bounty, please follow all of these guidelines.
*   Be Patient - Give us a reasonable time to correct the issue before you disclose the vulnerability.

We also expect you to comply with all applicable laws.
docs: Added docs 2022-10-25 10:38:22 +02:00			`## Guidelines`

			`We're committed to working with security researchers to resolve the vulnerabilities they discover. You can help us by following these guidelines:`

			`* Follow [HackerOne's disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).`
			`* Pen-testing Production:`
			`* Please setup a local environment instead whenever possible. Most of our code is open source (see above).`
			`* If that's not possible, limit any data access/modification to the bare minimum necessary to reproduce a PoC.`
			`* _Don't_ automate form submissions! That's very annoying for us, because it adds extra work for the volunteers who manage those systems, and reduces the signal/noise ratio in our communication channels.`
			`* To be eligible for a bounty, please follow all of these guidelines.`
			`* Be Patient - Give us a reasonable time to correct the issue before you disclose the vulnerability.`

			`We also expect you to comply with all applicable laws.`