diff options
author | Karolin Hemmingsson <94545214+KarolinHem@users.noreply.github.com> | 2024-04-25 14:00:26 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-04-25 14:00:26 +0200 |
commit | 82cccb54ff513900356c30c3d8e359d9886794bb (patch) | |
tree | 08df108aef0362370621e21af79af63f594f8f18 /SECURITY.md | |
parent | Ed448 regression tests for infinite loop (diff) | |
download | BouncyCastle.NET-ed25519-82cccb54ff513900356c30c3d8e359d9886794bb.tar.xz |
Update SECURITY.md to align with KF Community template
Diffstat (limited to 'SECURITY.md')
-rw-r--r-- | SECURITY.md | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/SECURITY.md b/SECURITY.md index 5aece3648..b690909f3 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,5 +1,17 @@ -# Reporting a security issue +# Security Policy -If you would like to report something you believe to be a security issue, then please use feedback-crypto@bouncycastle.org. +## Reporting a Vulnerability -We can provide a PGP key if required. +If you think that you have found a security vulnerability, please report it to this email address: [feedback-crypto@bouncycastle.org](mailto:feedback-crypto@bouncycastle.org) + +Describe the issue including all details, for example: +* Short summary of the problem +* Steps to reproduce +* Affected API versions +* Logs if available + +The Bouncy Castle team will send a response indicating the next steps in handling your report. You may be asked to provide additional information or guidance. + +If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. Optionally, you can have your name and contact information listed in [Contributors](https://www.bouncycastle.org/contributors.html) as well. + +Please note we endeavor to issue patched releases that deal with security issues as soon as they are made known to us, ideally prior to issuing a Security Advisory where otherwise possible. In some cases, particularly if it relates to a FIPS release, delays due to external processes may delay the issuing of a Security Advisory. |