author | Daniel Stenberg <daniel@haxx.se> | 2019-04-20 12:19:47 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2019-04-22 17:19:19 +0200 |
commit | 10e4dd6a7b3b2bc512223c4d94607f12443aab9f (patch) | |
tree | 4664f43185a3b02f85c5bb0af65d2d4b104e363c /docs/BUGS | |
parent | eb84ca3ea8f793ecbedf7865c41a8d1b9f59efb7 (diff) |
docs/BUG-BOUNTY: bug bounty time [skip ci]
Introducing the curl bug bounty program on hackerone. We now recommend
filing security issues directly in the hackerone ticket system which
only is readable to curl security team members.
Assisted-by: Daniel Gustafsson
Closes #3488
Diffstat (limited to 'docs/BUGS')
-rw-r--r-- | docs/BUGS | 11 |
1 files changed, 8 insertions, 3 deletions
@@ -61,9 +61,14 @@ BUGS using our security development process. Security related bugs or bugs that are suspected to have a security impact, - should be reported by email to curl-security@haxx.se so that they first can - be dealt with away from the public to minimize the harm and impact it will - have on existing users out there who might be using the vulnerable versions. + should be reported on the curl security tracker at HackerOne: + + https://hackerone.com/curl + + This ensures that the report reaches the curl security team so that they + first can be deal with the report away from the public to minimize the harm + and impact it will have on existing users out there who might be using the + vulnerable versions. The curl project's process for handling security related issues is documented here: |
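Review bot: The added sentence "first can be deal with the report away from the public" is ungrammatical, apparently left over from rewording the old "can be dealt with" phrasing; something like "so that they can first deal with the report away from the public" reads correctly. In the same sentence, "the harm and impact it will have" no longer has a clear antecedent, since "it" now appears to refer to the report rather than the bug; "the issue" would be clearer. The hunk also removes the curl-security@haxx.se address without saying whether email is still an accepted channel. If it is, keep a line naming it as a fallback for reporters who cannot use HackerOne; if it is not, say so explicitly so the text leaves no doubt about where a report should go.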