docs: vulnerabilities in debug code are not eligible for a bounty

author Dan Fandrich <dan@coneharvesters.com>

Fri, 28 Feb 2025 20:36:14 +0000 (12:36 -0800)

committer Dan Fandrich <dan@coneharvesters.com>

Fri, 28 Feb 2025 22:21:46 +0000 (14:21 -0800)
author Dan Fandrich <dan@coneharvesters.com>
Fri, 28 Feb 2025 20:36:14 +0000 (12:36 -0800)
committer Dan Fandrich <dan@coneharvesters.com>
Fri, 28 Feb 2025 22:21:46 +0000 (14:21 -0800)
diff --git a/docs/VULN-DISCLOSURE-POLICY.md b/docs/VULN-DISCLOSURE-POLICY.md

index d0785de8d9a9abc29da7fe5dc7d2cf3cf0ab8f32..35063053d26a3281b8b3860ee6220fb8ea355052 100644 (file)
--- a/docs/VULN-DISCLOSURE-POLICY.md
+++ b/docs/VULN-DISCLOSURE-POLICY.md
@@ -247,11 +247,11 @@ local system or network, the bar is raised. If a local user wrongfully has
  elevated rights on your system enough to attack curl, they can probably
  already do much worse harm and the problem is not really in curl.
  
-## Experiments
+## Debug & Experiments
  
  Vulnerabilities in features which are off by default (in the build) and
-documented as experimental, are not eligible for a reward and we do not
-consider them security problems.
+documented as experimental, or exist only in debug mode, are not eligible for a
+reward and we do not consider them security problems.
  
  ## URL inconsistencies
author	Dan Fandrich <dan@coneharvesters.com>
	Fri, 28 Feb 2025 20:36:14 +0000 (12:36 -0800)
committer	Dan Fandrich <dan@coneharvesters.com>
	Fri, 28 Feb 2025 22:21:46 +0000 (14:21 -0800)