romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-14 22:31:41 +03:00
Code Issues Projects Releases Packages Wiki Activity

BUG-BOUNTY.md: minor rephrase to say there is no bug bounty

Browse source 
also add a brief mention to VULN-DISCLOSURE-POLICY.md

Closes #20878
This commit is contained in:
Daniel Stenberg 2026-03-10 17:10:37 +01:00
parent a4f90969ff
commit ed7bf43a08
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
3 changed files with 6 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

8
docs/BUG-BOUNTY.md
View file

@ -4,13 +4,11 @@ Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
SPDX-License-Identifier: curl
-->
# The curl bug bounty
Up until the end of January 2026 there was a curl bug bounty. It is no more.
# No curl bug bounty
The curl project does not offer any rewards for reported bugs or
vulnerabilities. We also do not aid security researchers to get such rewards
for curl problems from other sources either.
vulnerabilities. We do not aid security researchers to get such rewards for
curl problems from other sources.
A bug bounty gives people too strong incentives to find and make up "problems"
in bad faith that cause overload and abuse.