projects / thirdparty / pdns.git / blame
| Commit | Line | Data |
|---|---|---|
| 42fa8581 RG |
1 | PowerDNS Security Policy |
| 2 | ======================== | |
| 3 | ||
| 4 | If you have a security problem to report, please email us at both security@powerdns.com and ahu@ds9a.nl. | |
| 5 | In case you want to encrypt your report using PGP, please use: | |
| 6 | https://www.powerdns.com/powerdns-keyblock.asc | |
| 7 | ||
| 8 | Please do not mail security issues to public lists, nor file a ticket, unless we do not get back to you in a timely manner. | |
| 9 | We fully credit reporters of security issues, and respond quickly, but please allow us a reasonable timeframe to coordinate a response. | |
| 10 | ||
| 11 | We remind PowerDNS users that under the terms of the GNU General Public License, PowerDNS comes with ABSOLUTELY NO WARRANTY. | |
| 12 | This license is included in this documentation. | |
| 13 | ||
| 14 | HackerOne | |
| 15 | --------- | |
| 16 | Security issues can also be reported on [our HackerOne page](https://hackerone.com/powerdns) and might fetch a bounty. | |
| 17 | Do note that only the PowerDNS software is in scope for the HackerOne program, not our websites or other infrastructure. | |
| 18 | ||
| 19 | Disclosure Policy | |
| 20 | ----------------- | |
| 21 | - Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue. | |
| 22 | - Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party. | |
| 23 | - We will always credit researchers in our security advisories. |