Lines Matching full:curl

4 SPDX-License-Identifier: curl
7 # The curl bug bounty
9 The curl project runs a bug bounty program in association with
15 Start out by posting your suspected security vulnerability directly to [curl's
16 HackerOne program](https://hackerone.com/curl).
20 this program. See the [Security Process](https://curl.se/dev/secprocess.html)
25 The curl project offers monetary compensation for reported and published
31 amounts that are way lower than we can accept, the curl project intends to
39 Everyone and anyone who reports a security problem in a released curl version
43 with curl developers are not eligible for bounties.
48 The vulnerability has to be fixed and publicly announced (by the curl project)
51 Once the vulnerability has been published by curl, the researcher can request
57 The curl security team reserves themselves the right to deny or allow bug
62 This bug bounty only concerns the curl and libcurl products and thus their
64 include curl documentation, curl websites, or other curl related
67 The curl security team is the sole arbiter if a reported flaw is subject to a
72 The curl bug bounty does not cover flaws in third party dependencies
73 (libraries) used by curl or libcurl. If the bug triggers because of curl
75 curl and not in the dependency and then the bounty might cover the problem.
80 performed by the curl security team. The grading is based on the CVSS (Common
85 The curl security team gives the vulnerability a score or severity level, as
92 the reward money, the responsibility lies with the receiver. The curl project