hyperledger/indy-node

Trying to report a critical security issue

shakreiner opened this issue · 5 comments

Hey,

I have a critical security issue to report, and I didn't get any response from security@hyperledger.org
Who can I send the issue to?

Thanks!

When did you send it? Please send it again and I will connect as well with those on the list.

I sent an email last Monday asking if this was still the right place to send it.
So from your answer, I understand this email is still the place to report to, correct?

The current process to use is here: https://wiki.hyperledger.org/display/SEC/Defect+Response

Ah...the address has changed recently -- from that page There are two ways to report a security bug. The easiest is to email a description of the flaw and any related information (e.g. reproduction steps, version) to security at lists dot hyperledger dot org.

I see.
Let me review the current process and I'll send a report to the new address shortly.
Thanks

Good stuff -- thanks. Sorry for the confusion.