blob: b690909f34e5bacd443bdd2ab06b090ebe5fb34e (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
# Security Policy
## Reporting a Vulnerability
If you think that you have found a security vulnerability, please report it to this email address: [feedback-crypto@bouncycastle.org](mailto:feedback-crypto@bouncycastle.org)
Describe the issue including all details, for example:
* Short summary of the problem
* Steps to reproduce
* Affected API versions
* Logs if available
The Bouncy Castle team will send a response indicating the next steps in handling your report. You may be asked to provide additional information or guidance.
If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. Optionally, you can have your name and contact information listed in [Contributors](https://www.bouncycastle.org/contributors.html) as well.
Please note we endeavor to issue patched releases that deal with security issues as soon as they are made known to us, ideally prior to issuing a Security Advisory where otherwise possible. In some cases, particularly if it relates to a FIPS release, delays due to external processes may delay the issuing of a Security Advisory.
|