From 78c38363412db3ea1cd1f0cc42dd1624c078ee32 Mon Sep 17 00:00:00 2001 From: Jonas Nick Date: Mon, 28 Oct 2019 14:59:05 +0000 Subject: [PATCH] Add SECURITY.md --- README.md | 5 +++++ SECURITY.md | 15 +++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 SECURITY.md diff --git a/README.md b/README.md index b4ff14c9f6fd6..06ac500472e02 100644 --- a/README.md +++ b/README.md @@ -70,3 +70,8 @@ Exhaustive tests With valgrind, you might need to increase the max stack size: $ valgrind --max-stackframe=2500000 ./exhaustive_tests + +Reporting a vulnerability +------------ + +See [SECURITY.md](SECURITY.md) diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000000..0e4d588030274 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,15 @@ +# Security Policy + +## Reporting a Vulnerability + +To report security issues send an email to secp256k1-security@bitcoincore.org (not for support). + +The following keys may be used to communicate sensitive information to developers: + +| Name | Fingerprint | +|------|-------------| +| Pieter Wuille | 133E AC17 9436 F14A 5CF1 B794 860F EB80 4E66 9320 | +| Andrew Poelstra | 699A 63EF C17A D3A9 A34C FFC0 7AD0 A91C 40BD 0091 | +| Tim Ruffing | 09E0 3F87 1092 E40E 106E 902B 33BC 86AB 80FF 5516 | + +You can import a key by running the following command with that individual’s fingerprint: `gpg --recv-keys ""` Ensure that you put quotes around fingerprints containing spaces.