diff --git a/README.md b/README.md index b3537baf7..ed3093448 100644 --- a/README.md +++ b/README.md @@ -110,3 +110,36 @@ The list of developer tools is: [secrets-manager]: https://bitwarden.com/products/secrets-manager/ [bws-help]: https://bitwarden.com/help/secrets-manager-cli/ + +## Cargo fmt + +We use certain unstable features for formatting which require the nightly version of cargo-fmt. + +To install: + +``` +rustup component add rustfmt --toolchain nightly +``` + +To run: + +``` +cargo +nightly fmt +``` + +## Contribute + +Code contributions are welcome! Please commit any pull requests against the `main` branch. Learn +more about how to contribute by reading the +[Contributing Guidelines](https://contributing.bitwarden.com/contributing/). Check out the +[Contributing Documentation](https://contributing.bitwarden.com/) for how to get started with your +first contribution. + +Security audits and feedback are welcome. Please open an issue or email us privately if the report +is sensitive in nature. You can read our security policy in the [`SECURITY.md`](SECURITY.md) file. +We also run a program on [HackerOne](https://hackerone.com/bitwarden). + +No grant of any rights in the trademarks, service marks, or logos of Bitwarden is made (except as +may be necessary to comply with the notice requirements as applicable), and use of any Bitwarden +trademarks must comply with +[Bitwarden Trademark Guidelines](https://github.com/bitwarden/server/blob/main/TRADEMARK_GUIDELINES.md). diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..b2a37f699 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,32 @@ +Bitwarden believes that working with security researchers across the globe is crucial to keeping our +users safe. If you believe you've found a security issue in our product or service, we encourage you +to please submit a report through our [HackerOne Program](https://hackerone.com/bitwarden/). We +welcome working with you to resolve the issue promptly. Thanks in advance! + +# Disclosure Policy + +- Let us know as soon as possible upon discovery of a potential security issue, and we'll make every + effort to quickly resolve the issue. +- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or + a third-party. We may publicly disclose the issue before resolving it, if appropriate. +- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or + degradation of our service. Only interact with accounts you own or with explicit permission of the + account holder. +- If you would like to encrypt your report, please use the PGP key with long ID + `0xDE6887086F892325FEC04CC0D847525B6931381F` (available in the public keyserver pool). + +While researching, we'd like to ask you to refrain from: + +- Denial of service +- Spamming +- Social engineering (including phishing) of Bitwarden staff or contractors +- Any physical attempts against Bitwarden property or data centers + +# We want to help you! + +If you have something that you feel is close to exploitation, or if you'd like some information +regarding the internal API, or generally have any questions regarding the app that would help in +your efforts, please email us at https://bitwarden.com/contact and ask for that information. As +stated above, Bitwarden wants to help you find issues, and is more than willing to help. + +Thank you for helping keep Bitwarden and our users safe!
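Review bot: In the README.md hunk, the "Contribute" section tells reporters to "open an issue or email us privately if the report is sensitive in nature", but it gives no email address, and the SECURITY.md added in this same patch directs reports to HackerOne. Suggest pointing sensitive reports only at SECURITY.md and the HackerOne program and reserving public issues for non-sensitive feedback, so both files name the same private channel. In the "Cargo fmt" section, `cargo +nightly fmt` runs whichever nightly happens to be installed; if formatting is enforced anywhere, consider stating which nightly contributors are expected to use so results match.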
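Review bot: In the SECURITY.md hunk, the last Disclosure Policy bullet calls `0xDE6887086F892325FEC04CC0D847525B6931381F` a "long ID", but a 40-hex-digit value is a full key fingerprint (a long ID is 16 hex digits); label it as the fingerprint so researchers know to compare the whole value. The same bullet does not say where an encrypted report should be sent, since the only channel named above it is HackerOne, and "the public keyserver pool" names no server; suggest stating the destination and linking the key directly. In "We want to help you!", "please email us at https://bitwarden.com/contact" gives a web URL rather than an email address; "contact us at" would match what the link is.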