field | value | date
---|---|---
author | Daniel Stenberg <daniel@haxx.se> | 2021-09-09 14:46:38 +0200
committer | Daniel Stenberg <daniel@haxx.se> | 2021-09-09 14:46:38 +0200
commit | 53374e39efd16ce54f2e76e1b74d9891935a5882 |
tree | 9a044891e553dddbc49d654e73903e4364528fcf |
parent | 1fbd822b645563fa0f9422609c432743f012cd11 |

docs: the security list is reached at security at curl.se now

Also update the FAQ section a bit to encourage users to rather submit
security issues on hackerone than sending email.
-rw-r--r-- | docs/FAQ | 12 |
-rw-r--r-- | docs/SECURITY-PROCESS.md | 2 |
2 files changed, 9 insertions, 5 deletions
@@ -288,10 +288,14 @@ FAQ from having to repeat ourselves even more. Thanks for respecting this. If you have found or simply suspect a security problem in curl or libcurl, - mail curl-security at haxx.se (closed list of receivers, mails are not - disclosed) and tell. Then we can produce a fix in a timely manner before the - flaw is announced to the world, thus lessen the impact the problem will have - on existing users. + submit all the details at https://hackerone.one/curl. On there we keep the + issue private while we investigate, confirm it, work and validate a fix and + agree on a time schedule for publication etc. That way we produce a fix in a + timely manner before the flaw is announced to the world, reducing the impact + the problem risk having on existing users. + + Security issues can also be taking to the curl security team by emailing + security at curl.se (closed list of receivers, mails are not disclosed). 1.9 Where do I buy commercial support for curl? diff --git a/docs/SECURITY-PROCESS.md b/docs/SECURITY-PROCESS.md index a5d487adf..e4bccb263 100644 --- a/docs/SECURITY-PROCESS.md +++ b/docs/SECURITY-PROCESS.md @@ -91,7 +91,7 @@ announcement. - The security web page on the website should get the new vulnerability mentioned. -curl-security (at haxx dot se) +security (at curl dot se) ------------------------------ This is a private mailing list for discussions on and about curl security |
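Review bot: The reporting URL added in the docs/FAQ hunk, https://hackerone.one/curl, uses the host hackerone.one, while HackerOne is served from hackerone.com. A wrong host in the one sentence that tells reporters where to submit vulnerability details risks sending private reports to a domain the project does not control, so this should read https://hackerone.com/curl. Two wording fixes in the same added lines: "the problem risk having" should be "the problem risks having", and "can also be taking to" should be "can also be taken to".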
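Review bot: In the docs/SECURITY-PROCESS.md hunk the heading shrinks from "curl-security (at haxx dot se)" to "security (at curl dot se)", but the dashed underline on the next context line keeps its old length; trim it to match the new heading text. The body of that section lies outside the hunk, so it is also worth confirming that no other mention of the old list address remains in this file.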