mir/kea
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/kea synced 2025-08-28 20:47:48 +00:00
Code Issues Releases Wiki Activity

Text edits; add "no bug bounties" text

Browse Source
This commit is contained in:
Suzanne Goldlust 2025-03-13 18:06:16 +00:00 committed by Andrei Pavel
parent 2637ca54ab
commit 1fd180bc20
1 changed files with 21 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
SECURITY.md
View File

@ -30,33 +30,42 @@ Starting with the Kea 1.7 release, all Kea versions with an odd minor
version number are development releases, and become EOL as soon as the version number are development releases, and become EOL as soon as the
following stable release is published. following stable release is published.
Limited past EOL support may be available to higher tier customers. Limited past EOL support may be available to higher-tier customers.
Please contact ISC sales, using this form: https://www.isc.org/contact/ Please contact ISC sales, using this form: https://www.isc.org/contact/
## Reporting a Vulnerability ## Reporting a Vulnerability
To report security vulnerability, please follow this instruction: To report a security vulnerability, please follow the instructions on this
page:
https://www.isc.org/reportbug/ https://www.isc.org/reportbug/
Briefly, we prefer confidential issue on gitlab (not github). An issue is We prefer a confidential issue on GitLab (not GitHub). An issue is
much better, because it's easier to get more ISC engineers involved in it, much better, because it's easier to get more ISC engineers involved in it,
evolve the case as more information is known, update or extra information, etc. evolve the case as more information is known, update or add information, etc.
Second best is to send e-mail (possibly encrypted) to kea-security@isc.org. If a GitLab issue is not possible, please send e-mail (possibly encrypted)
to kea-security@isc.org.
## Software Defects and Security Vulnerability Disclosure Policy ## Reporting a Bug
We are working with the interests of the greater Internet at heart, and we
hope you are too. In that vein, we do not offer bug bounties. If you think
you have found a bug in Kea, we encourage you to report it responsibly at the
link above; if verified, we will be happy to credit you in our Release Notes.
## Software Defect and Security Vulnerability Disclosure Policy
ISC treats the security of its software products very seriously. This ISC treats the security of its software products very seriously. This
document discusses the evaluation of a defect severity and the process document discusses the evaluation of a defect's severity and the process
in detail: https://kb.isc.org/docs/aa-00861 in detail: https://kb.isc.org/docs/aa-00861
## Further reading ## Further Reading
The **Kea security** section of Kea ARM discusses the technical The **Kea security** section of Kea ARM discusses the technical
aspects, such as how to properly configure TLS certificates, how to secure aspects, such as how to properly configure TLS certificates and how to secure
Kea deployment and also what the security incident handling process Kea deployment, and also what the security incident handling process
looks like: https://kea.readthedocs.io/en/latest/arm/security.html#kea-security-processes looks like: https://kea.readthedocs.io/en/latest/arm/security.html#kea-security-processes
The **Past advisories** for Kea can be found on the KB: https://kb.isc.org/docs **Past advisories** for Kea can be found in our KB: https://kb.isc.org/docs.
On the left hand panel, see the `Security Advisiories` in the `Kea DHCP` section. On the left-hand panel, see the `Security Advisories` in the `Kea DHCP` section.