Last updated: October 8th 2023
Resonite and Yellow Dog Man Studios, take security very seriously. To find out our policy on security and security reporting please read on.
When it comes to security we're generally looking for the following items.
This is not an exhaustive list and you should use your best judgement when making a report. If an issue bothers you please consider reporting it. We would rather know about an issue then not.
As Resonite is a Beta/Early Access product, crashes are common and in some cases random. It is therefore ok to report these on our bug tracker.
However, if a crash is easily reproducible or easy to accidentally trigger, then a private report as a security issue is still valid.
Additionally, If a user is maliciously causing crashes please also submit that to our Moderation System.
Due to our Peer to Peer infrastructure for sessions and flexibility/openness of in-session development, it can be unclear what we class as private data.
To clarify this, here is a list of common data that we don't consider private:
Never, report a security issue through:
Security issues must be reported via our support system.
We don't have a standard format, but when reporting an issue be sure to include as much detail as possible. Try to include:
You should also indicate if you'd like to opt out of being credited for this report / discovery. When we resolve issues we may credit you in the change logs unless you opt out.
These guidelines are not intended to supersede or to overrule the general Guidelines but are designed to give you some additional guidance in the area of security issues.
We do not ban/restrict users for reporting security issues provided these are followed.
Once a report has been submitted, the following items will happen:
Security reports are only reviewable by Team members.
We're unable to offer rewards or bounties for reports currently. If this changes we will update this policy.