curl/docs/BUG-BOUNTY.md
Daniel Stenberg 8fea4b4cb7
Update docs/BUG-BOUNTY.md
Co-authored-by: thijs-reijgersberg <thijs.reijgersberg@angi.com>
2026-01-15 22:50:37 +01:00

607 B

The curl bug bounty

Up until the end of January 2026 there was a curl bug bounty. It is no more.

The curl project no longer offers any rewards for reported bugs or vulnerabilities. We also do not aid security researchers to get such rewards for curl problems from other sources either.

We have concluded the hard way that a bug bounty gives people too strong incentives to find and make up "problems" in bad faith that cause overload and abuse.

We still appreciate and value valid vulnerability reports.