|
|
@@ -27,8 +27,8 @@ reference to the security nature of the commit if done prior to the public
|
|
|
announcement.
|
|
|
|
|
|
- The person discovering the issue, the reporter, reports the vulnerability on
|
|
|
- https://hackerone.com/curl. Issues filed there reach a handful of selected
|
|
|
- and trusted people.
|
|
|
+ [https://hackerone.com/curl](https://hackerone.com/curl). Issues filed there
|
|
|
+ reach a handful of selected and trusted people.
|
|
|
|
|
|
- Messages that do not relate to the reporting or managing of an undisclosed
|
|
|
security vulnerability in curl or libcurl are ignored and no further action
|
|
|
@@ -128,5 +128,5 @@ Publishing Security Advisories
|
|
|
Bug Bounty
|
|
|
----------
|
|
|
|
|
|
-See [BUG-BOUNTY](BUG-BOUNTY.md) for specific details on the bug bounty
|
|
|
-program.
|
|
|
+See [BUG-BOUNTY](https://curl.haxx.se/docs/bugbounty.html) for details on the
|
|
|
+bug bounty program.
|
Daniel Stenberg