curl / Mailing Lists / curl-library / Single Mail


a curl bug bounty program

From: Daniel Stenberg <>
Date: Fri, 21 Apr 2017 10:04:03 +0200 (CEST)

Hi friends,

The other day I blogged[1] about there being a bug bounty program coordinated
by Hacker One for which you can apply for if your detected curl security
problems are serious enough. A few persons who reported curl bugs have already
received payments. The highest paid one so far that I saw got 3,000 USD.

I think this is super awesome as I hope it can provide some extra energy to
people to go in a little extra when trying to find problems in our products.
Getting security problems reported (and fixed) is a good thing.

I'm now in communication with the good folks at Hacker One to see what we can
do to cooperate to make it an ever better and perhaps more focused bounty
program for curl issues. I'll probably get back with details on that if/when
we accomplish something.

[1] =

Received on 2017-04-21