diff options
Diffstat (limited to 'docs/SECURITY-PROCESS.md')
-rw-r--r-- | docs/SECURITY-PROCESS.md | 22 |
1 files changed, 9 insertions, 13 deletions
diff --git a/docs/SECURITY-PROCESS.md b/docs/SECURITY-PROCESS.md index 9dd4cb77b..6cae5036b 100644 --- a/docs/SECURITY-PROCESS.md +++ b/docs/SECURITY-PROCESS.md @@ -121,19 +121,15 @@ Publishing Security Advisories 6. On security advisory release day, push the changes on the curl-www repository's remote master branch. -Bountygraph Bug Bounty ----------------------- - -The curl project runs a bug bounty program in association with -bountygraph.com. - -After you have reported a security issue to the curl project, it has been -deemed credible and a patch and advisory has been made public you can be -eligible for a bounty from this program. +Hackerone Internet Bug Bounty +----------------------------- -See all details at [BountyGraph](https://bountygraph.com/programs/curl). +The curl project does not run any bounty program on its own, but there are +outside organizations that do. First report your issue the normal way and +proceed as described in this document. -This bounty is relying on funds from -[sponsors](https://bountygraph.com/programs/curl#publicpledges). If you use -curl professionally, consider help funding this! +Then, if the issue is [critical](https://hackerone.com/ibb-data), you are +eligible to apply for a bounty from Hackerone for your find. +Once your reported vulnerability has been publicly disclosed by the curl +project, you can submit a [report to them](https://hackerone.com/ibb-data).
\ No newline at end of file |