diff options
-rw-r--r-- | SECURITY.md | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/SECURITY.md b/SECURITY.md index 5aece3648..b690909f3 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,5 +1,17 @@ -# Reporting a security issue +# Security Policy -If you would like to report something you believe to be a security issue, then please use feedback-crypto@bouncycastle.org. +## Reporting a Vulnerability -We can provide a PGP key if required. +If you think that you have found a security vulnerability, please report it to this email address: [feedback-crypto@bouncycastle.org](mailto:feedback-crypto@bouncycastle.org) + +Describe the issue including all details, for example: +* Short summary of the problem +* Steps to reproduce +* Affected API versions +* Logs if available + +The Bouncy Castle team will send a response indicating the next steps in handling your report. You may be asked to provide additional information or guidance. + +If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. Optionally, you can have your name and contact information listed in [Contributors](https://www.bouncycastle.org/contributors.html) as well. + +Please note we endeavor to issue patched releases that deal with security issues as soon as they are made known to us, ideally prior to issuing a Security Advisory where otherwise possible. In some cases, particularly if it relates to a FIPS release, delays due to external processes may delay the issuing of a Security Advisory. |