mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2024-12-21 06:50:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

BUG-BOUNTY.md: clarify that the curl security team decides

Browse Source 
Closes #12975
This commit is contained in:
Daniel Stenberg 2024-02-22 16:34:35 +01:00
parent 8e83b6b429
commit 8dbc3c7a6b
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/BUG-BOUNTY.md
View File

@ -48,6 +48,9 @@ their bounty from the [Internet Bug Bounty](https://hackerone.com/ibb).
Bounties need to be requested within twelve months from the publication of the
vulnerability.
The curl security team reserves themselves the right to deny or allow bug
bounty payouts on its own discretion. There is no appeals process.
## Product vulnerabilities only
This bug bounty only concerns the curl and libcurl products and thus their