Skip to content

Security: BITNP/issues

Security

SECURITY.md

Security Policy

This document is for reference only (the Chinese version is the final version). While we reserve the right to repeal or amend this policy in any way, at any time at our absolute discretion, we may not be able to accomodate all requests due to Institute policies, Chinese laws, or other reasons.

Supported Services

You are welcome to report all vulnerabilities or incidents to us, related to services under bitnp.net domain (no matter it's a campus-network only service or not), including but not limited to:

  • www.bitnp.net
  • mail.bitnp.net and related mail services
  • clinic.bitnp.net
  • live.bitnp.net
  • mirrors.bitnp.net, mirror.bitnp.net, mirror.bit.edu.cn, mirrors.bit.edu.cn

Currently, the only service NetPioneer Association maintains under bit.edu.cn is mirror.bit.edu.cn / mirrors.bit.edu.cn.

Please report other security vulnerabilities in BIT network or domain to BIT Network Information and Technology Center. We have direct contacts in related institute departments, which may help if you need immediate response, but you may want to contact only NITC directly if you think the information should only be exposed to the direct responder of BIT network, or Institute staff members.

Reporting a Vulnerability

For responsible reporting, please only send an email with related information to [email protected]. Please do not use this GitHub issue board for any security reporting, but we can consider publishing the information here once it's resolved.

Unfortunately we do not have a public key for email encryption yet. Please inquire through email if you need one (we can provide personal public key for this purpose on this page, if required).

We strive to give first email response in 24 hours. We uses BJT (UTC+8), but since we are students, you may get a response outside regular "business hours". NetPioneer Association is a non-profit student organization of Beijing Institute of Technology in China, directed by Youth League Committee of BIT, so we do not provide bounties, but we are happy to give you the credit that you deserve.

安全报告

本文档仅供参考。我们保留对该策略的解释权、修改权。我们可能会因为学校政策、国家法规等原因,无法满足所有要求。

支持的服务

欢迎各位向我们反馈 bitnp.net 域名下的任何服务的安全问题,无论是只对校园网开放的服务、或对外服务,均可反馈。服务包括但不限于:

  • www.bitnp.net
  • mail.bitnp.net 及相关的邮件服务
  • clinic.bitnp.net
  • live.bitnp.net
  • mirrors.bitnp.net, mirror.bitnp.net, mirror.bit.edu.cn, mirrors.bit.edu.cn

目前网络开拓者协会在 bit.edu.cn 域名下运营的服务只有 mirror.bit.edu.cn / mirrors.bit.edu.cn。

有关北理工网络或域名下的其它安全问题,请联系北京理工大学网络信息技术中心。我们与有关学校部门均有直接联系人,在你需要及时回复的时候我们可以协助联系。不过,当该安全信息只应由有关直接负责人、或学校职工知悉时,请直接联系网络信息技术中心。

报告须知

我们希望各位能够负责任地报告安全问题。请将有关信息发送邮件至 [email protected]。请不要使用这里的 GitHub issues 来报告任何安全问题,但我们可以考虑在问题解决后在此发布。

我们暂时没有公开的邮件加密公钥。如有需要,请邮件联系我们获取(我们也可以在本页面上提供个人的邮件加密公钥)。

我们尽力于 24 小时内完成初步回复。我们的时区是 UTC+8,但毕竟我们是学生,你可能会在正常“办公时间”外得到答复。网络开拓者协会是非营利的学生组织,为北京理工大学团委下属,因此我们无法提供赏金,但我们可以公开致谢。

There aren’t any published security advisories