SECURITY-PROCESS: disclose on hackerone

Once a vulnerability has been published, the hackerone issue should be
disclosed. For transparency.

Closes #6275
Daniel Stenberg 2020-12-03 14:18:51 +01:00
parent 753a2c758a
commit 6703eb2f4c
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 8 additions and 0 deletions


@ -125,6 +125,14 @@ Publishing Security Advisories
6. On security advisory release day, push the changes on the curl-www
repository's remote master branch.
Hackerone
---------
Request the issue to be disclosed. If there are sensitive details present in
the report and discussion, those should be redacted from the disclosure. The
default policy is to disclose as much as possible as soon as the vulnerability
has been published.
Bug Bounty
----------
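Review bot: The new Hackerone section opens with "Request the issue to be disclosed" but does not say who makes the request or who is responsible for redacting sensitive details from the report and discussion, so the step has no owner. Suggest naming the role (for example the security team member handling the issue) and tying the timing to step 6 above, so that "as soon as the vulnerability has been published" has a concrete trigger on advisory release day. Style point: the heading could use the vendor's own spelling, "HackerOne".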