Reporting security vulnerabilities

anomaly0617 · November 17, 2020, 04:34:12 PM

Hypothetically, let's say we find a security vulnerability in OPNSense that we want to (privately!) bring to the attention of developers to get it resolved quickly and quietly. Who should we send this data to, and how should we send it?

Thanks!
-Anomaly0617

franco · November 17, 2020, 04:37:19 PM

Hi there,

Drop us a line at security@opnsense.org -- a PGP key is available if required.

Cheers,
Franco

anomaly0617 · November 17, 2020, 04:55:11 PM

Hi Franco,

A PGP key would be appreciated. Thanks!

anomaly0617 · November 17, 2020, 05:35:27 PM

Found the GPG key, encrypted it and sent it to you for review.

Thanks, Franco!

Reporting security vulnerabilities

anomaly0617

November 17, 2020, 04:34:12 PM

franco

November 17, 2020, 04:37:19 PM #1

anomaly0617

November 17, 2020, 04:55:11 PM #2

anomaly0617

November 17, 2020, 05:35:27 PM #3