mirror of
https://gitlab.isc.org/isc-projects/bind9.git
synced 2025-04-18 09:44:09 +03:00
ca9fed9143
To follow current best practices, create a short SECURITY.md file in the root of the repository that contains information about the project's security policy and guidelines for reporting potential security issues. Replace the relevant bits of text in other files with references to the new SECURITY.md file, so that the relevant information only needs to be maintained in one place. Replace all occurrences of the generic security-officer@isc.org email with a dedicated address for reporting BIND 9 security issues, bind-security@isc.org.
1.4 KiB
1.4 KiB
Security Policy
ISC's Security Vulnerability Disclosure Policy is documented in the relevant ISC Knowledgebase article.
Reporting possible security issues
If you think you may be seeing a potential security vulnerability in BIND (for example, a crash with a REQUIRE, INSIST, or ASSERT failure), please report it immediately by opening a confidential GitLab issue (preferred) or emailing bind-security@isc.org.
Please do not discuss undisclosed security vulnerabilities on any public mailing list. ISC has a long history of handling reported vulnerabilities promptly and effectively and we respect and acknowledge responsible reporters.
If you have a crash, you may want to consult the Knowledgebase article entitled "What to do if your BIND or DHCP server has crashed".