author Daniel Stenberg <daniel@haxx.se> 2019-04-20 12:19:47 +0200
committer Daniel Stenberg <daniel@haxx.se> 2019-04-22 17:19:19 +0200
commit 10e4dd6a7b3b2bc512223c4d94607f12443aab9f
tree 4664f43185a3b02f85c5bb0af65d2d4b104e363c /docs/BUGS
parent eb84ca3ea8f793ecbedf7865c41a8d1b9f59efb7
docs/BUG-BOUNTY: bug bounty time [skip ci]
Introducing the curl bug bounty program on hackerone. We now recommend filing security issues directly in the hackerone ticket system which only is readable to curl security team members.

Assisted-by: Daniel Gustafsson
Closes #3488
Diffstat (limited to 'docs/BUGS')
-rw-r--r-- docs/BUGS 11
1 files changed, 8 insertions, 3 deletions
diff --git a/docs/BUGS b/docs/BUGS
index 7322d9b21..480e0caec 100644
--- a/docs/BUGS
+++ b/docs/BUGS
@@ -61,9 +61,14 @@ BUGS
using our security development process.
Security related bugs or bugs that are suspected to have a security impact,
- should be reported by email to curl-security@haxx.se so that they first can
- be dealt with away from the public to minimize the harm and impact it will
- have on existing users out there who might be using the vulnerable versions.
+ should be reported on the curl security tracker at HackerOne:
+
+ https://hackerone.com/curl
+
+ This ensures that the report reaches the curl security team so that they
+ first can be deal with the report away from the public to minimize the harm
+ and impact it will have on existing users out there who might be using the
+ vulnerable versions.
The curl project's process for handling security related issues is
documented here:
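Review bot: in the added paragraph, "they first can be deal with the report" is ungrammatical; suggest "so that they can first deal with the report away from the public". The hunk also removes the curl-security@haxx.se address without naming any other private channel, so a reporter who cannot use HackerOne has nowhere listed to send a sensitive report; consider keeping the address as a fallback line or stating explicitly that it is retired.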