mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-03-19 15:40:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

SECURITY-PROCESS: disclose on hackerone

Browse Source 
Once a vulnerability has been published, the hackerone issue should be
disclosed. For tranparency.

Closes
This commit is contained in:
Daniel Stenberg 2020-12-03 14:18:51 +01:00
parent 753a2c758a
commit 6703eb2f4c
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 8 additions and 0 deletions

8
docs/SECURITY-PROCESS.md

@ -125,6 +125,14 @@ Publishing Security Advisories
6. On security advisory release day, push the changes on the curl-www
repository's remote master branch.
Hackerone
---------
Request the issue to be disclosed. If there are sensitive details present in
the report and discussion, those should be redacted from the disclosure. The
default policy is to disclose as much as possible as soon as the vulnerability
has been published.
Bug Bounty
----------