"Fossies" - the Fresh Open Source Software Archive

Member "sudo-1.9.11p3/docs/SECURITY.md" (12 Jun 2022, 1998 Bytes) of package /linux/misc/sudo-1.9.11p3.tar.gz:




Sudo Security Policy

The Sudo Project takes security seriously. If you believe you have found a security vulnerability in Sudo, you can report it to us as described below.

Reporting Security Issues

Do not report security vulnerabilities through public GitHub issues or Bugzilla.

Instead, report them via email to Todd.Miller@sudo.ws. You may encrypt your message with PGP if you would like. The current PGP key has the fingerprint 59D1 E9CC BA2B 3767 04FD D35B A9F4 C021 CEA4 70FB and may be downloaded from the sudo.ws web site or the OpenPGP Key Server.

We try to respond to security issues in a timely manner but understand that Sudo is a volunteer project.

Include as much of the following information as possible to help us better understand the nature and scope of the potential issue:

This information will help us triage your report more quickly.

As a volunteer-led project, we are not able to offer bug bounties. However, we’d be happy to send you Sudo stickers as a way of saying thank you!

Preferred Languages

We prefer all communications to be in English.

Disclosure Policy

The Sudo Project follows the principle of Coordinated Vulnerability Disclosure. Disclosure is usually coordinated using the distros mailing list.