@@ -27,7 +27,7 @@ The OpenHarmony community has multiple channels to collect security vulnerabilit
## Assessing Security Vulnerabilities
The OpenHarmony Security Issue Response Team organizes maintainers to verify the security vulnerabilities reported. The OpenHarmony community assesses security vulnerabilities based on the mainstream [CVSS](https://www.first.org/cvss/calculator/3.1). The table below lists the severity levels and scores of the CVSS.
The OpenHarmony Security Issue Response Team organizes maintainers to verify the security vulnerabilities reported. The OpenHarmony community assesses security vulnerabilities based on the mainstream [CVSS](https://www.first.org/cvss/calculator/3.1). The table below lists the severity levels and scores of the CVSS.
@@ -73,7 +73,9 @@ The vulnerabilities that are not eligible for reward include but are not limited
## **Forbidden Behaviors During Testing**
- Do not access, download, modify, or delete data that does not belong to you without permission. Only PoC is allowed to prove the existence of the vulnerability.
- Phishing or social engineering attacks are prohibited.
- Do not use security vulnerabilities and related information for any illegal purpose. The following activities are prohibited:
- Access the computer information network or using resources in the computer information network without permission.
- Delete, modify, or add the functions of the computer information network without permission.
...
...
@@ -82,7 +84,7 @@ The vulnerabilities that are not eligible for reward include but are not limited
- Access the computer information network to obtain data stored in related website systems and platforms without permission.
- Other behaviors that jeopardize the security of computer information networks.
You should assume all compensation liabilities for any loss caused to OpenHarmony due to the above behavior. If your behavior violates laws and regulations, you should bear the corresponding legal consequences.
You should assume all compensation liabilities for any loss caused to OpenHarmony due to the above behavior. If your behavior violates laws and regulations, you should bear the corresponding legal consequences.