mirror of https://github.com/hyperledger/besu
An enterprise-grade Java-based, Apache 2.0 licensed Ethereum client https://wiki.hyperledger.org/display/besu
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
24 lines
1.0 KiB
24 lines
1.0 KiB
5 years ago
|
# Hyperledger Security Policy
|
||
|
|
|
||
|
|
## Reporting a Security Bug
|
||
|
|
|
||
|
|
If you think you have discovered a security issue in any of the Hyperledger
|
||
|
|
projects, we'd love to hear from you. We will take all security bugs
|
||
|
|
seriously and if confirmed upon investigation we will patch it within a
|
||
|
|
reasonable amount of time and release a public security bulletin discussing
|
||
|
|
the impact and credit the discoverer.
|
||
|
|
|
||
|
|
There are two ways to report a security bug. The easiest is to email a
|
||
|
|
description of the flaw and any related information (e.g. reproduction
|
||
|
|
steps, version) to
|
||
|
|
[security at hyperledger dot org](mailto:security@hyperledger.org).
|
||
|
|
|
||
|
|
The other way is to file a confidential security bug in our
|
||
|
|
[JIRA bug tracking system](https://jira.hyperledger.org).
|
||
|
|
Be sure to set the “Security Level” to “Security issue”.
|
||
|
|
|
||
|
|
The process by which the Hyperledger Security Team handles security bugs
|
||
|
|
is documented further in our
|
||
|
|
[Defect Response](https://wiki.hyperledger.org/display/HYP/Defect+Response)
|
||
|
|
page on our [wiki](https://wiki.hyperledger.org).
|