SECURITY-PROCESS: disclose on hackerone

author Daniel Stenberg <daniel@haxx.se>

Thu, 3 Dec 2020 13:18:51 +0000 (14:18 +0100)

committer Daniel Stenberg <daniel@haxx.se>

Thu, 3 Dec 2020 21:29:34 +0000 (22:29 +0100)
author Daniel Stenberg <daniel@haxx.se>
Thu, 3 Dec 2020 13:18:51 +0000 (14:18 +0100)
committer Daniel Stenberg <daniel@haxx.se>
Thu, 3 Dec 2020 21:29:34 +0000 (22:29 +0100)
diff --git a/docs/SECURITY-PROCESS.md b/docs/SECURITY-PROCESS.md

index c77ff17782b5cec309d62e2454d5a0ec04413ecd..a5d487adfba14926a3cc45397bc034465721ad1d 100644 (file)
--- a/docs/SECURITY-PROCESS.md
+++ b/docs/SECURITY-PROCESS.md
@@ -125,6 +125,14 @@ Publishing Security Advisories
  6. On security advisory release day, push the changes on the curl-www
     repository's remote master branch.
  
+Hackerone
+---------
+
+Request the issue to be disclosed. If there are sensitive details present in
+the report and discussion, those should be redacted from the disclosure. The
+default policy is to disclose as much as possible as soon as the vulnerability
+has been published.
+
  Bug Bounty
  ----------
author	Daniel Stenberg <daniel@haxx.se>
	Thu, 3 Dec 2020 13:18:51 +0000 (14:18 +0100)
committer	Daniel Stenberg <daniel@haxx.se>
	Thu, 3 Dec 2020 21:29:34 +0000 (22:29 +0100)