File: BUG-BOUNTY.md

package info (click to toggle)
curl 8.19.0-1
  • links: PTS, VCS
  • area: main
  • in suites: forky
  • size: 31,884 kB
  • sloc: ansic: 200,254; perl: 21,116; python: 10,390; sh: 6,691; makefile: 1,507; pascal: 240; cpp: 196
file content (16 lines) | stat: -rw-r--r-- 478 bytes parent folder | download | duplicates (7) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
 
<!--
Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.

SPDX-License-Identifier: curl
-->

# No curl bug bounty

The curl project does not offer any rewards for reported bugs or
vulnerabilities. We do not aid security researchers to get such rewards for
curl problems from other sources.

A bug bounty gives people too strong incentives to find and make up "problems"
in bad faith that cause overload and abuse.

We still appreciate and value valid vulnerability reports.