This document outlines security procedures and general policies for the apl-api repository.
Thanks for helping to secure the internet!
Note: Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them through Akamai's bug bounty program or reach out to [email protected].
If you wish to encrypt your communications, please use the Akamai Security PGP key.
Please include the following information in your report:
- the type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, ...)
- full paths of source file(s) related to the manifestation of the issue
- the location of the affected source code (tag/branch/commit or direct URL)
- any special configuration required to reproduce the issue
- step-by-step instructions to reproduce the issue
- proof-of-concept or exploit code (if possible)
- impact of the issue, including how an attacker might exploit the issue
We will work with you on resolving the issue and may then create a public GitHub issue to track the update and ensure transparency after we have resolved the vulnerability.
The Akamai Security Research Agreement (SRA) provides the general framework for how you are permitted to engage in any effort arising from or related to the security of the Akamai ecosystem. By participating in any of Akamai’s programs, you agree to be subject to the SRA.
For more information, please see the Akamai Vulnerability Reporting website.