diff --git a/docs/BUG-BOUNTY.md b/docs/BUG-BOUNTY.md index aa8ee89572..3714efda52 100644 --- a/docs/BUG-BOUNTY.md +++ b/docs/BUG-BOUNTY.md @@ -11,8 +11,8 @@ HackerOne program](https://hackerone.com/curl). After you have reported a security issue, it has been deemed credible, and a patch and advisory has been made public, you may be eligible for a bounty from -this program. See the [SECURITY-PROCESS](SECURITY-PROCESS.md) document for how -we work with security issues. +this program. See the [Security Process](https://curl.se/dev/secprocess.html) +document for how we work with security issues. ## What are the reward amounts? diff --git a/docs/SECURITY-ADVISORY.md b/docs/SECURITY-ADVISORY.md index c2d13c9231..37083cd3c5 100644 --- a/docs/SECURITY-ADVISORY.md +++ b/docs/SECURITY-ADVISORY.md @@ -1,10 +1,10 @@ # Anatomy of a curl security advisory -As described in the `SECURITY-PROCESS.md` document, when a security -vulnerability has been reported to the project and confirmed, we author an -advisory document for for the issue. It should ideally be written in -cooperation with the reporter to make sure all the angles and details of the -problem are gathered and described correctly and succinctly. +As described in the [Security Process](https://curl.se/dev/secprocess.html) +document, when a security vulnerability has been reported to the project and +confirmed, we author an advisory document for for the issue. It should ideally +be written in cooperation with the reporter to make sure all the angles and +details of the problem are gathered and described correctly and succinctly. ## New document diff --git a/docs/SECURITY-PROCESS.md b/docs/SECURITY-PROCESS.md index e553507a4c..64123edd45 100644 --- a/docs/SECURITY-PROCESS.md +++ b/docs/SECURITY-PROCESS.md @@ -56,7 +56,8 @@ announcement. problem is, its impact, which versions it affects, solutions or workarounds, when the release is out and make sure to credit all contributors properly. Figure out the CWE (Common Weakness Enumeration) number for the flaw. See - [SECURITY-ADVISORY](SECURITY-ADVISORY.md) for help on creating the advisory. + [SECURITY-ADVISORY](https://curl.se/dev/advisory.html) for help on creating + the advisory. - Request a CVE number from [HackerOne](https://docs.hackerone.com/programs/cve-requests.html)