VULN-DISCLOSURE-POLICY: all reports should be disclosed

As a matter of policy.

Closes #17778
Daniel Stenberg 2025-06-29 16:17:49 +02:00
parent 0b98f596c8
commit ff15eef2d6
GPG key ID: 5CC908FDB71E12C2


@ -134,13 +134,16 @@ somewhat over time and a list somewhere only risks getting outdated.
6. On security advisory release day, push the changes on the curl-www
repository's remote master branch.
## HackerOne
## Disclose the report
Request the issue to be disclosed. If there are sensitive details present in
the report and discussion, those should be redacted from the disclosure. The
default policy is to disclose as much as possible as soon as the vulnerability
has been published.
*All* reports submitted to the project, valid or not, should be disclosed and
made public.
## Bug Bounty
See [BUG-BOUNTY](https://curl.se/docs/bugbounty.html) for details on the
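Review bot: The added closing sentence of the "Disclose the report" section ("*All* reports submitted to the project, valid or not, should be disclosed and made public.") gives no timing for reports judged invalid. The paragraph just above it ties disclosure to "as soon as the vulnerability has been published", and that event never occurs for a report that turns out not to be a vulnerability. Suggest saying when such reports get disclosed (for example once the report is closed) and stating that the redaction of sensitive details described in the preceding paragraph applies to them too. If "## HackerOne" is the heading being dropped here, "Request the issue to be disclosed" also no longer says where that request is made, so naming the place in the sentence itself would keep the step actionable.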