author | Daniel Stenberg <daniel@haxx.se> | 2020-12-03 14:18:51 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2020-12-03 14:22:56 +0100 |
commit | 939485208b9576dcf62dae2e27d64911c5d3946b (patch) | |
tree | 8edf7e838f16b51e61481beeb95eb23c706ec968 | |
parent | 41b3b830f118197a4b4988f425902493f4f85de8 (diff) | |
download | curl-bagder/sec-proc-hackerone.tar.gz |
SECURITY-PROCESS: disclose on hackerone [skip ci]
Once a vulnerability has been published, the hackerone issue should be
disclosed. For transparency.
-rw-r--r-- | docs/SECURITY-PROCESS.md | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/SECURITY-PROCESS.md b/docs/SECURITY-PROCESS.md index c77ff1778..a5d487adf 100644 --- a/docs/SECURITY-PROCESS.md +++ b/docs/SECURITY-PROCESS.md @@ -125,6 +125,14 @@ Publishing Security Advisories 6. On security advisory release day, push the changes on the curl-www repository's remote master branch. +Hackerone +--------- + +Request the issue to be disclosed. If there are sensitive details present in +the report and discussion, those should be redacted from the disclosure. The +default policy is to disclose as much as possible as soon as the vulnerability +has been published. + Bug Bounty ---------- |
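Review bot: The new "Hackerone" section opens with "Request the issue to be disclosed." but names neither who makes the request nor at which point in the process it happens. The timing is only implied by the last sentence ("as soon as the vulnerability has been published"). Because the section sits after the numbered "Publishing Security Advisories" steps rather than inside them, it is easy to miss on release day. Consider adding it as a numbered step after step 6, or stating the actor and trigger in the first sentence. The redaction sentence also leaves open who decides which details are sensitive, so a short note on who signs off on redactions before disclosure would close that gap. Minor style point: the heading and the commit subject spell the service "Hackerone"/"hackerone", so pick one spelling and use it consistently in the document.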