
On curl bug bounties on hackerone

From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Wed, 10 Jun 2020 00:57:06 +0200 (CEST)

Hello friends!

We're still two weeks away from the pending next release and we're merging
bug-fixes daily.

As part of this upcoming release, we will announce at least two new security
vulnerabilities. The security researchers who reported these problems to us
will be rewarded money according to our bug bounty program.

In the curl security team we've set out to raise the reward amounts and we aim
to do this gradually going forward. These two new rewards will be the highest
amounts paid out yet.

We can do this raising of the amounts because of two reasons:

  1 - we're getting a good flow of donations that funds this effort - thanks to
      everyone who donates money to us, we're improving curl with the money!

  2 - we're working hard on pro-active measurements in the project to make us
      less likely to introduce new security flaws.

Finally: if *you* know of or just suspect a security problem in curl, please
report it at https://hackerone.com/curl

-- 
  / daniel.haxx.se | Commercial curl support up to 24x7 is available!
                   | Private help, bug fixes, support, ports, new features
                   | https://www.wolfssl.com/contact/
Received on 2020-06-10