summaryrefslogtreecommitdiffstats
path: root/SECURITY.md
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 15:59:48 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 15:59:48 +0000
commit3b9b6d0b8e7f798023c9d109c490449d528fde80 (patch)
tree2e1c188dd7b8d7475cd163de9ae02c428343669b /SECURITY.md
parentInitial commit. (diff)
downloadbind9-3b9b6d0b8e7f798023c9d109c490449d528fde80.tar.xz
bind9-3b9b6d0b8e7f798023c9d109c490449d528fde80.zip
Adding upstream version 1:9.18.19.upstream/1%9.18.19upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'SECURITY.md')
-rw-r--r--SECURITY.md35
1 files changed, 35 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..2c63605
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,35 @@
+<!--
+Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+
+SPDX-License-Identifier: MPL-2.0
+
+This Source Code Form is subject to the terms of the Mozilla Public
+License, v. 2.0. If a copy of the MPL was not distributed with this
+file, you can obtain one at https://mozilla.org/MPL/2.0/.
+
+See the COPYRIGHT file distributed with this work for additional
+information regarding copyright ownership.
+-->
+# Security Policy
+
+ISC's Security Vulnerability Disclosure Policy is documented in the
+relevant [ISC Knowledgebase article][1].
+
+## Reporting possible security issues
+
+If you think you may be seeing a potential security vulnerability in
+BIND (for example, a crash with a REQUIRE, INSIST, or ASSERT failure),
+please report it immediately by [opening a confidential GitLab issue][2]
+(preferred) or emailing bind-security@isc.org.
+
+Please do not discuss undisclosed security vulnerabilities on any public
+mailing list. ISC has a long history of handling reported
+vulnerabilities promptly and effectively and we respect and acknowledge
+responsible reporters.
+
+If you have a crash, you may want to consult the Knowledgebase article
+entitled ["What to do if your BIND or DHCP server has crashed"][3].
+
+[1]: https://kb.isc.org/docs/aa-00861
+[2]: https://gitlab.isc.org/isc-projects/bind9/-/issues/new?issue[confidential]=true&issuable_template=Bug
+[3]: https://kb.isc.org/docs/aa-00340