Today I added the following paragraph to #curl's hackerone page informing about our bug-bounty program:

Reports are made public

All security reports that are submitted to the curl project are subject to disclosure once they have been dealt with and they are deemed "insensitive". We are an Open Source project for which transparency is important, which then includes showing the world all our security reports as well.

(See hackerone.com/curl)

#curl