mirror of https://github.com/curl/curl.git synced 2026-04-11 12:01:42 +08:00

Daniel Stenberg ed7bf43a08

BUG-BOUNTY.md: minor rephrase to say there is no bug bounty

also add a brief mention to VULN-DISCLOSURE-POLICY.md

Closes #20878

2026-03-10 17:34:08 +01:00

478 B

Raw Blame History

No curl bug bounty

The curl project does not offer any rewards for reported bugs or vulnerabilities. We do not aid security researchers to get such rewards for curl problems from other sources.

A bug bounty gives people too strong incentives to find and make up "problems" in bad faith that cause overload and abuse.

We still appreciate and value valid vulnerability reports.

478 B Raw Blame History

No curl bug bounty

478 B

Raw Blame History