Security Policy
Do we accept vulnerability reports
Cybersecurity is of the highest importance. Valid or meaningful security-related vulnerabilities or suspected security threats can therefore be reported to ThingsBoard. If you have found one, please report it privately so that attacks against current users of the ThingsBoard platform and our umbrella products are minimized until the fixes are done.
Vulnerabilities will be investigated by the ThingsBoard team. We are keen to release fixes as soon as possible: if the issue is critical, we prepare a hot-fix release; if the threat is less severe, the fix will be made publicly available in one of the upcoming releases.
Bug bounty
We appreciate your efforts in investigating threats we might have overlooked. ThingsBoard, Inc. offers a bounty for valid Critical or High-scored vulnerabilities. The reward does not exceed USD 100 per accepted critical finding, and for a high-scoring security hole it is capped at USD 50 per valid bug. Please understand that we scan the code and images using multiple tools; the findings that show up are turned into production tickets, so many of the reported vulnerabilities are or might already be known to us.
Reporting a Vulnerability
To report a vulnerability or a security-related issue, please email the private address security@thingsboard.io with the details of the vulnerability and clear steps to reproduce it. Emails will be addressed within 3 business days, including a detailed plan to investigate the issue and any potential workarounds to perform in the meantime. Do not report non-security-impacting bugs through this channel. Use GitHub issues instead.
Proposed Email Content
Provide a descriptive subject line, and in the body of the email include the following information:
- Basic identity information, such as your name and your affiliation or company.
- Detailed steps to reproduce the vulnerability (error logs and screenshots are all helpful to us).
- Description of the effects of the vulnerability on ThingsBoard.