Skip to content

Latest commit

 

History

History
26 lines (17 loc) · 1.17 KB

Security.md

File metadata and controls

26 lines (17 loc) · 1.17 KB

OWASP Application Security Verification Standard (ASVS) Security Policy

The ASVS leaders and community take all security bugs seriously. We appreciate your efforts to disclose the issue responsibly, and will make every effort to acknowledge your contributions. To help us with the vulnerability(s) you have identified, it would be great if you could please follow the reporting guidelines below to submit your finding.

We aim to reply within 3 days of receiving your finding. If a finding is accepted, we aim to publish a patch within 6 days. If it is declined, we will reply to let you know.

Reporting Guidelines

Email jim@owasp.org with the following information:

  1. Name / affiliation
  2. Vulnerability description
  3. Steps to reproduce the issue
  4. Current public knowledge of this vulnerability (e.g. related CVE, security advisory, etc.)

Supported Versions

At this time, only the following versions of ASVS are supported:

Version Supported
5.0.x
4.0.x

Our security acknowledgments page

Acknowledgments: https://github.com/OWASP/ASVS/blob/master/hall_of-fame.md