Trying to report a critical security issue
shakreiner opened this issue · 5 comments
Hey,
I have a critical security issue to report, and I didn't get any response from security@hyperledger.org
Who can I send the issue to?
Thanks!
When did you send it? Please send it again and I will connect as well with those on the list.
I sent an email last Monday asking if this was still the right place to send it.
So from your answer, I understand this email is still the place to report to, correct?
The current process to use is here: https://wiki.hyperledger.org/display/SEC/Defect+Response
Ah...the address has changed recently -- from that page There are two ways to report a security bug. The easiest is to email a description of the flaw and any related information (e.g. reproduction steps, version) to security at lists dot hyperledger dot org.
I see.
Let me review the current process and I'll send a report to the new address shortly.
Thanks
Good stuff -- thanks. Sorry for the confusion.