mirror of
https://github.com/vacp2p/status-linea-besu.git
synced 2026-01-07 21:13:56 -05:00
2d02f6be41
* Update Security Policy contact info At the request of the EF, a besu-only security list was created, and is the first listed email. The out-of-date Jira location is also removed. Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
23 lines
1.3 KiB
Markdown
23 lines
1.3 KiB
Markdown
# Hyperledger Security Policy
|
|
|
|
## Reporting a Security Bug
|
|
|
|
If you think you have discovered a security issue in any of the Hyperledger projects, we'd love to
|
|
hear from you. We will take all security bugs seriously and if confirmed upon investigation we will
|
|
patch it within a reasonable amount of time and release a public security bulletin discussing the
|
|
impact and credit the discoverer.
|
|
|
|
There are two email addresses where Hyperledger Besu accepts security bugs. The
|
|
first, [security "dash" besu at lists dot hyperledger dot org](mailto:security-besu@lists.hyperledger.org)
|
|
is limited to a subset of Hyperledger Besu maintainers and Hyperledger staff. For highly sensitive
|
|
bugs this is a preferred address. The second email
|
|
address [security at hyperledger dot org](mailto:security@hyperledger.org) is limited to a subset of
|
|
maintainers and staff of all Hyperledger projects, and may be viewed by maintainers outside of
|
|
Hyperledger Besu. When sending information to either of these emails please be sure to include a
|
|
description of the flaw and any related information (e.g. reproduction steps, version, known active
|
|
use).
|
|
|
|
The process by which the Hyperledger Security Team handles security bugs is documented further in
|
|
our [Defect Response page](https://wiki.hyperledger.org/display/SEC/Defect+Response) on our
|
|
[wiki](https://wiki.hyperledger.org).
|