mirror of https://github.com/hyperledger/besu
An enterprise-grade Java-based, Apache 2.0 licensed Ethereum client https://wiki.hyperledger.org/display/besu
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
20 lines
1.0 KiB
20 lines
1.0 KiB
# Hyperledger Security Policy
|
|
|
|
## Reporting a Security Bug
|
|
|
|
If you think you have discovered a security issue in any of the Hyperledger projects, we'd love to
|
|
hear from you. We will take all security bugs seriously and if confirmed upon investigation we will
|
|
patch it within a reasonable amount of time and release a public security bulletin discussing the
|
|
impact and credit the discoverer.
|
|
|
|
There are two ways to report a security bug. The easiest is to email a description of the flaw and
|
|
any related information (e.g. reproduction steps, version) to
|
|
[security at hyperledger dot org](mailto:security@hyperledger.org).
|
|
|
|
The other way is to file a confidential security bug in our
|
|
[JIRA bug tracking system](https://jira.hyperledger.org). Be sure to set the “Security Level” to
|
|
“Security issue”.
|
|
|
|
The process by which the Hyperledger Security Team handles security bugs is documented further in
|
|
our [Defect Response page](https://wiki.hyperledger.org/display/SEC/Defect+Response) on our
|
|
[wiki](https://wiki.hyperledger.org).
|
|
|