<!--
Copyright (C) Daniel Stenberg, <[email protected]>, et al.

SPDX-License-Identifier: curl
-->

# Security Policy

Read our [Vulnerability Disclosure Policy](docs/VULN-DISCLOSURE-POLICY.md).

## Reporting a Vulnerability

If you have found or just suspect a security problem somewhere in curl or
libcurl, report it on [HackerOne](https://hackerone.com/curl).

We treat security issues with confidentiality until controlled and disclosed responsibly.

## OpenSSF Best Practices

curl has achieved Gold status on the Open Source Security Foundation (OpenSSF)
[Best Practices](https://bestpractices.dev/) (formerly Core Infrastructure
Initiative Best Practices), reflecting its adherence to rigorous
security and best practice standards. This achievement highlights curl's
comprehensive documentation, secure development processes, effective change
control mechanisms, and strong maintenance routines. Meeting these criteria
demonstrates curl's commitment to security and reliability, ensuring the
project's sustainability and trustworthiness. This underscores curl's role as
a leader in open-source software practices. More information can be found on
[curl's OpenSSF Best Practices project page](https://www.bestpractices.dev/projects/63).