# Hyperledger Security Policy

## Reporting a Security Bug

If you think you have discovered a security issue in any of the Hyperledger projects, we'd love to
hear from you. We will take all security bugs seriously and if confirmed upon investigation we will
patch it within a reasonable amount of time and release a public security bulletin discussing the
impact and credit the discoverer.

There are two email addresses where Hyperledger Besu accepts security bugs. The
first, [security "dash" besu at lists dot hyperledger dot org](mailto:security-besu@lists.hyperledger.org)
is limited to a subset of Hyperledger Besu maintainers and Hyperledger staff. For highly sensitive
bugs this is a preferred address. The second email
address [security at hyperledger dot org](mailto:security@hyperledger.org) is limited to a subset of
maintainers and staff of all Hyperledger projects, and may be viewed by maintainers outside of
Hyperledger Besu. When sending information to either of these emails please be sure to include a
description of the flaw and any related information (e.g. reproduction steps, version, known active
use).

The process by which the Hyperledger Security Team handles security bugs is documented further in
our [Defect Response page](https://wiki.hyperledger.org/display/SEC/Defect+Response) on our
[wiki](https://wiki.hyperledger.org).