zecfoundation
/
zcashd
mirror of https://github.com/ZcashFoundation/zcashd.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Auto merge of #4958 - zcash:4957_add_foundation_to_responsible_disclosure_list, r=str4d 

Add Zcash Foundation to disclosure partners list

Adding the newly-negotiated agreement with the Foundation to our public commitment.
This commit is contained in:
Homu 2021-02-19 02:41:49 +00:00
parent 65122845c5 e1fa80e9b7
commit f0dcc1dbbe
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
responsible_disclosure.md → SECURITY.md
View File

@ -49,8 +49,9 @@ In the case where we fix a security issue in Zcash that also affects the followi
We have set up agreements with the following neighboring projects to share vulnerability information, subject to the deviations described in the next section.
Specifically, we have agreed to engage in responsible disclosures for security issues affecting Zcash technology with the following contacts:
Specifically, we have agreed to engage in responsible disclosures for security issues affecting this repository with the following contacts:
- Zcash Foundation https://github.com/ZcashFoundation/zebra/security/policy
- Horizen security@horizen.com via PGP
- Komodo ca333@komodoplatform.com via PGP
- BitcoinABC https://github.com/Bitcoin-ABC/bitcoin-abc/blob/master/DISCLOSURE_POLICY.md
@ -63,4 +64,3 @@ The standard describes reporters of vulnerabilities including full details of an
In the case of a counterfeiting bug, however, just like in CVE-2019-7167, we might decide not to include those details with our reports to partners ahead of coordinated release, so long as we are sure that they are vulnerable.