diff options
author | Daniel Stenberg <daniel@haxx.se> | 2018-11-26 11:37:49 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2018-11-30 22:50:36 +0100 |
commit | 4a01a20bdb2a6a3b855001543f3bc82edc8e5134 (patch) | |
tree | 01293c04b889b36e7f2b55d54b83ff5fc550b114 /docs/SECURITY-PROCESS.md | |
parent | 650281ed5ba335d16a932ccba53665551197880f (diff) |
SECURITY-PROCESS: bountygraph shuts down
This backpedals back the documents to the state before bountygraph.
Closes #3311
Diffstat (limited to 'docs/SECURITY-PROCESS.md')
-rw-r--r-- | docs/SECURITY-PROCESS.md | 22 |
1 files changed, 9 insertions, 13 deletions
diff --git a/docs/SECURITY-PROCESS.md b/docs/SECURITY-PROCESS.md index 9dd4cb77b..6cae5036b 100644 --- a/docs/SECURITY-PROCESS.md +++ b/docs/SECURITY-PROCESS.md @@ -121,19 +121,15 @@ Publishing Security Advisories 6. On security advisory release day, push the changes on the curl-www repository's remote master branch. -Bountygraph Bug Bounty ----------------------- - -The curl project runs a bug bounty program in association with -bountygraph.com. - -After you have reported a security issue to the curl project, it has been -deemed credible and a patch and advisory has been made public you can be -eligible for a bounty from this program. +Hackerone Internet Bug Bounty +----------------------------- -See all details at [BountyGraph](https://bountygraph.com/programs/curl). +The curl project does not run any bounty program on its own, but there are +outside organizations that do. First report your issue the normal way and +proceed as described in this document. -This bounty is relying on funds from -[sponsors](https://bountygraph.com/programs/curl#publicpledges). If you use -curl professionally, consider help funding this! +Then, if the issue is [critical](https://hackerone.com/ibb-data), you are +eligible to apply for a bounty from Hackerone for your find. +Once your reported vulnerability has been publicly disclosed by the curl +project, you can submit a [report to them](https://hackerone.com/ibb-data).
\ No newline at end of file |