Skip to content

Latest commit

 

History

History
27 lines (20 loc) · 1.57 KB

SECURITY.md

File metadata and controls

27 lines (20 loc) · 1.57 KB

Security policy

Do not report security vulnerabilities through public GitHub issues.

Instead, you can report them using our security page. Alternatively, you can also send them by email to [email protected]. You can encrypt your email using GnuPG if you want. Use the GPG key with fingerprint C2E4 CAC4 B122 25DE 1C3B B1C9 289D 0820 03D0 1E95.

Include as much of the following information:

  • Type of issue (e.g. buffer overflow, privilege escalation, etc).
  • The location of the affected source code (tag/branch/commit or direct URL).
  • Any special configuration required to reproduce the issue.
  • The Linux distribution affected.
  • Step-by-step instructions to reproduce the issue.
  • Impact of the issue, including how an attacker might exploit the issue.

If you have found a bug that also exists in the original sudo (which, although unlikely, means it is a very serious issue), you must also follow the steps at https://www.sudo.ws/security/policy/

Preferred Languages

We prefer to receive reports in English. If necessary, we also understand Spanish, German and Dutch.

Disclosure Policy

Like original sudo, we adhere to the principle of Coordinated Vulnerability Disclosure.

Security Advisories

Security advisories will be published on GitHub and possibly through other channels.