mirror of
https://github.com/moparisthebest/curl
synced 2024-12-23 16:48:49 -05:00
BUG-BOUNTY: minor language update
... and remove the wording about entries from before 2019 as the "within 12 months" is still there and covers that. Closes #6318
parent
bc7ecc71c0
commit
c4d88f89a9
@ -22,7 +22,7 @@ details.
|
|||||||
|
|
||||||
# What are the reward amounts?
|
# What are the reward amounts?
|
||||||
|
|
||||||
The curl projects offer monetary compensation for reported and published
|
The curl project offers monetary compensation for reported and published
|
||||||
security vulnerabilities. The amount of money that is rewarded depends on how
|
security vulnerabilities. The amount of money that is rewarded depends on how
|
||||||
serious the flaw is determined to be.
|
serious the flaw is determined to be.
|
||||||
|
|
||||||
@ -46,18 +46,14 @@ before a bug bounty will be considered.
|
|||||||
Bounties need to be requested within twelve months from the publication of the
|
Bounties need to be requested within twelve months from the publication of the
|
||||||
vulnerability.
|
vulnerability.
|
||||||
|
|
||||||
The vulnerabilities must not have been made public before February 1st, 2019.
|
|
||||||
We do not retroactively pay for old, already known, or published security
|
|
||||||
problems.
|
|
||||||
|
|
||||||
# Product vulnerabilities only
|
# Product vulnerabilities only
|
||||||
|
|
||||||
This bug bounty only concerns the curl and libcurl products and thus their
|
This bug bounty only concerns the curl and libcurl products and thus their
|
||||||
respective source codes - when running on existing hardware. It does not
|
respective source codes - when running on existing hardware. It does not
|
||||||
include documentation, websites, or other infrastructure.
|
include documentation, websites, or other infrastructure.
|
||||||
|
|
||||||
The curl security team will be the sole arbiter if a reported flaw can be
|
The curl security team is the sole arbiter if a reported flaw is subject to a
|
||||||
subject to a bounty or not.
|
bounty or not.
|
||||||
|
|
||||||
# How are vulnerabilities graded?
|
# How are vulnerabilities graded?
|
||||||
|
|
||||||
|
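Review bot: The deletion in this second hunk takes out two sentences, but the commit message only justifies the first. The "within twelve months" rule kept just above covers the February 1st, 2019 cutoff, yet it does not state that already known problems are excluded, which "We do not retroactively pay for old, already known, or published security problems." did. Consider keeping that sentence, or a shorter form of it, unless the exclusion is stated elsewhere in the document. A minor style point in the same hunk: "is the sole arbiter if a reported flaw is subject to a bounty or not" would read better as "is the sole arbiter of whether a reported flaw is subject to a bounty".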