bind/SECURITY.md

<!--
Copyright (C) Internet Systems Consortium, Inc. ("ISC")

SPDX-License-Identifier: MPL-2.0

This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0.  If a copy of the MPL was not distributed with this
file, you can obtain one at https://mozilla.org/MPL/2.0/.

See the COPYRIGHT file distributed with this work for additional
information regarding copyright ownership.
-->
# Security Policy

ISC's Security Vulnerability Disclosure Policy is documented in the
relevant [ISC Knowledgebase article][1].

## Reporting possible security issues

If you think you may be seeing a potential security vulnerability in
BIND (for example, a crash with a REQUIRE, INSIST, or ASSERT failure),
please report it immediately by [opening a confidential GitLab issue][2]
(preferred) or emailing bind-security@isc.org.

Please do not discuss undisclosed security vulnerabilities on any public
mailing list. ISC has a long history of handling reported
vulnerabilities promptly and effectively and we respect and acknowledge
responsible reporters.

If you have a crash, you may want to consult the Knowledgebase article
entitled ["What to do if your BIND or DHCP server has crashed"][3].

[1]: https://kb.isc.org/docs/aa-00861
[2]: https://gitlab.isc.org/isc-projects/bind9/-/issues/new?issue[confidential]=true&issuable_template=Bug
[3]: https://kb.isc.org/docs/aa-00340
Move security-related information to SECURITY.md To follow current best practices, create a short SECURITY.md file in the root of the repository that contains information about the project's security policy and guidelines for reporting potential security issues. Replace the relevant bits of text in other files with references to the new SECURITY.md file, so that the relevant information only needs to be maintained in one place. Replace all occurrences of the generic security-officer@isc.org email with a dedicated address for reporting BIND 9 security issues, bind-security@isc.org. 2023-09-04 11:54:57 +02:00			`<!--`
			`Copyright (C) Internet Systems Consortium, Inc. ("ISC")`

			`SPDX-License-Identifier: MPL-2.0`

			`This Source Code Form is subject to the terms of the Mozilla Public`
			`License, v. 2.0. If a copy of the MPL was not distributed with this`
			`file, you can obtain one at https://mozilla.org/MPL/2.0/.`

			`See the COPYRIGHT file distributed with this work for additional`
			`information regarding copyright ownership.`
			`-->`
			`# Security Policy`

			`ISC's Security Vulnerability Disclosure Policy is documented in the`
			`relevant [ISC Knowledgebase article][1].`

			`## Reporting possible security issues`

			`If you think you may be seeing a potential security vulnerability in`
			`BIND (for example, a crash with a REQUIRE, INSIST, or ASSERT failure),`
			`please report it immediately by [opening a confidential GitLab issue][2]`
			`(preferred) or emailing bind-security@isc.org.`

			`Please do not discuss undisclosed security vulnerabilities on any public`
			`mailing list. ISC has a long history of handling reported`
			`vulnerabilities promptly and effectively and we respect and acknowledge`
			`responsible reporters.`

			`If you have a crash, you may want to consult the Knowledgebase article`
			`entitled ["What to do if your BIND or DHCP server has crashed"][3].`

			`[1]: https://kb.isc.org/docs/aa-00861`
			`[2]: https://gitlab.isc.org/isc-projects/bind9/-/issues/new?issue[confidential]=true&issuable_template=Bug`
			`[3]: https://kb.isc.org/docs/aa-00340`