35 lines
1.4 KiB
Markdown
35 lines
1.4 KiB
Markdown
<!--
|
|
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
|
|
SPDX-License-Identifier: MPL-2.0
|
|
|
|
This Source Code Form is subject to the terms of the Mozilla Public
|
|
License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
|
|
See the COPYRIGHT file distributed with this work for additional
|
|
information regarding copyright ownership.
|
|
-->
|
|
# Security Policy
|
|
|
|
ISC's Security Vulnerability Disclosure Policy is documented in the
|
|
relevant [ISC Knowledgebase article][1].
|
|
|
|
## Reporting possible security issues
|
|
|
|
If you think you may be seeing a potential security vulnerability in
|
|
BIND (for example, a crash with a REQUIRE, INSIST, or ASSERT failure),
|
|
please report it immediately by [opening a confidential GitLab issue][2]
|
|
(preferred) or emailing bind-security@isc.org.
|
|
|
|
Please do not discuss undisclosed security vulnerabilities on any public
|
|
mailing list. ISC has a long history of handling reported
|
|
vulnerabilities promptly and effectively and we respect and acknowledge
|
|
responsible reporters.
|
|
|
|
If you have a crash, you may want to consult the Knowledgebase article
|
|
entitled ["What to do if your BIND or DHCP server has crashed"][3].
|
|
|
|
[1]: https://kb.isc.org/docs/aa-00861
|
|
[2]: https://gitlab.isc.org/isc-projects/bind9/-/issues/new?issue[confidential]=true&issuable_template=Bug
|
|
[3]: https://kb.isc.org/docs/aa-00340
|