diff options
author | Daniel Stenberg <daniel@haxx.se> | 2018-09-21 23:21:30 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2018-09-22 12:00:00 +0200 |
commit | 3cae1cd69924893b4ef6f9c7fe9ab1195ed48554 (patch) | |
tree | fa488006c8ff0867f2b75c16273e36a95e730ec6 | |
parent | 46e164069d1a5230e4e64cbd2ff46c46cce056bb (diff) |
SECURITY-PROCESS: mention the bountygraph program [ci skip]
Closes #3032
-rw-r--r-- | docs/SECURITY-PROCESS.md | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/docs/SECURITY-PROCESS.md b/docs/SECURITY-PROCESS.md index 6cae5036b..adcbd740c 100644 --- a/docs/SECURITY-PROCESS.md +++ b/docs/SECURITY-PROCESS.md @@ -121,15 +121,32 @@ Publishing Security Advisories 6. On security advisory release day, push the changes on the curl-www repository's remote master branch. +Bountygraph Bug Bounty +---------------------- + +The curl project runs a bug bounty program in association with +bountygraph.com. + +After you have reported a security issue to the curl project, it has been +deemed credible and a patch and advisory has been made public you can be +eligible for a bounty from this program. + +See all details at https://bountygraph.com/programs/curl + +This bounty is relying on funds from sponsors. If you use curl professionally, +consider help funding this! + Hackerone Internet Bug Bounty ----------------------------- -The curl project does not run any bounty program on its own, but there are -outside organizations that do. First report your issue the normal way and -proceed as described in this document. +This bounty program is run by an independent outside organization: Hackerone. +First report your issue the normal way and proceed as described in this +document. Then, if the issue is [critical](https://hackerone.com/ibb-data), you are eligible to apply for a bounty from Hackerone for your find. Once your reported vulnerability has been publicly disclosed by the curl -project, you can submit a [report to them](https://hackerone.com/ibb-data).
\ No newline at end of file +project, you can submit a [report to them](https://hackerone.com/ibb-data). + +You will not be able to claim bounties from more than one bounty program. |