mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-01-06 13:44:52 +08:00
Code Issues Packages Projects Releases Wiki Activity
bcec0840b0
curl/SECURITY.md
Chris Swan 35034df1ca
docs: Clarify OpenSSF Best Practices vs Scorecard 
SECURITY.md has a recently added section titled OpenSSF Scorecard
that actually documents OpenSSF Best Practices. Scorecard [0] is a
different OpenSSF project, that incorporates Best Practices, but is
distinct in its objectives and how it achieves them.
This change clarifies the terminology, and also removes any
implication that Gold Best Practices is an award rather than a self
certification programme.
As curl was a leader in implementing Best Practices some folk may be
more familiar with the earlier Core Infrastructure Initiative (CII)
naming, so a reference to that has been added.

[0] https://scorecard.dev/

Signed-off-by: Chris Swan <478926+cpswan@users.noreply.github.com>
Ref: #14319
Closes #14635
2024-08-22 11:50:20 +02:00

30 lines
1.2 KiB
Markdown
Raw Blame History

<!--
Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
SPDX-License-Identifier: curl
-->
# Security Policy
Read our [Vulnerability Disclosure Policy](docs/VULN-DISCLOSURE-POLICY.md).
## Reporting a Vulnerability
If you have found or just suspect a security problem somewhere in curl or
libcurl, report it on [HackerOne](https://hackerone.com/curl).
We treat security issues with confidentiality until controlled and disclosed responsibly.
## OpenSSF Best Practices
curl has achieved Gold status on the Open Source Security Foundation (OpenSSF)
[Best Practices](https://bestpractices.dev/) (formerly Core Infrastructure
Initiative Best Practices), reflecting its adherence to rigorous
security and best practice standards. This achievement highlights curl's
comprehensive documentation, secure development processes, effective change
control mechanisms, and strong maintenance routines. Meeting these criteria
demonstrates curl's commitment to security and reliability, ensuring the
project's sustainability and trustworthiness. This underscores curl's role as
a leader in open-source software practices. More information can be found on
[curl's OpenSSF Best Practices project page](https://www.bestpractices.dev/projects/63).
Reference in New Issue View Git Blame Copy Permalink