OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: anomaly0617 on November 17, 2020, 04:34:12 pm

Title: Reporting security vulnerabilities
Post by: anomaly0617 on November 17, 2020, 04:34:12 pm

Hypothetically, let's say we find a security vulnerability in OPNSense that we want to (privately!) bring to the attention of developers to get it resolved quickly and quietly. Who should we send this data to, and how should we send it?

Thanks!
-Anomaly0617

Title: Re: Reporting security vulnerabilities
Post by: franco on November 17, 2020, 04:37:19 pm

Hi there,

Drop us a line at security@opnsense.org -- a PGP key is available if required.


Cheers,
Franco

Title: Re: Reporting security vulnerabilities
Post by: anomaly0617 on November 17, 2020, 04:55:11 pm

Hi Franco,

A PGP key would be appreciated. Thanks!

Title: Re: Reporting security vulnerabilities
Post by: anomaly0617 on November 17, 2020, 05:35:27 pm

Found the GPG key, encrypted it and sent it to you for review.

Thanks, Franco!