@ -7,13 +7,15 @@ hear from you. We will take all security bugs seriously and if confirmed upon in
patch it within a reasonable amount of time and release a public security bulletin discussing the patch it within a reasonable amount of time and release a public security bulletin discussing the
impact and credit the discoverer. impact and credit the discoverer.
There are two ways to report a security bug. The easiest is to email a description of the flaw and There are two email addresses where Hyperledger Besu accepts security bugs. The
any related information (e.g. reproduction steps, version) to first, [security "dash" besu at lists dot hyperledger dot org ](mailto:security-besu@lists.hyperledger.org )
[security at hyperledger dot org ](mailto:security@hyperledger.org ). is limited to a subset of Hyperledger Besu maintainers and Hyperledger staff. For highly sensitive
bugs this is a preferred address. The second email
The other way is to file a confidential security bug in our address [security at hyperledger dot org ](mailto:security@hyperledger.org ) is limited to a subset of
[JIRA bug tracking system ](https://jira.hyperledger.org ). Be sure to set the “Security Level” to maintainers and staff of all Hyperledger projects, and may be viewed by maintainers outside of
“Security issue”. Hyperledger Besu. When sending information to either of these emails please be sure to include a
description of the flaw and any related information (e.g. reproduction steps, version, known active
use).
The process by which the Hyperledger Security Team handles security bugs is documented further in The process by which the Hyperledger Security Team handles security bugs is documented further in
our [Defect Response page ](https://wiki.hyperledger.org/display/SEC/Defect+Response ) on our our [Defect Response page ](https://wiki.hyperledger.org/display/SEC/Defect+Response ) on our
Danno Ferrin
2 years ago
committed by
GitHub