priority point of contact: sam@freighttrust.com
Incident Response Plan Software Defects Smart Contract Monitoring General Security Procedures
Any parties who suspect a vulnerability or data breach should send an encrypted email to:
sam bacha sam@freighttrust.com operations admin@freighttrust.com
The following is data that Freight Trust stores and considers sensitive. If any such data becomes accessible to an unauthenticated / unauthorized user, that will be considered a Data Breach:
Private repository contents (i.e. source code), whole or in "diff" form Private user email addresses Any secrets or tokens which grant access to the above
NOTE: Repository names, commit shas, Pull Request numbers, Pull Request descriptions, and GitHub user or organization names are not considered sensitive for the purposes of this response policy.
All running services will be stopped to prevent further access Impacted users will be notified by email within 24 hours, security@github.com will be notified within 24 hours, along with any other vendors that may be affected.
Freight Trust routinely monitors for patched vulnerabilities in the software and infrastructure it depends on. Most such vulnerabilities are not at risk of causing a Data Breach. In such cases, they will be patched without user-notification or data-breach response activities. These are published in our RSS Feed.