Add SECURITY.md

2019-10-28 14:59:05 +00:00 · 2019-10-28 14:59:05 +00:00 · 78c3836341
commit 78c3836341
parent 137d304a6b
2 changed files with 20 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -70,3 +70,8 @@ Exhaustive tests
 With valgrind, you might need to increase the max stack size:

    $ valgrind --max-stackframe=2500000 ./exhaustive_tests
+
+Reporting a vulnerability
+------------
+
+See [SECURITY.md](SECURITY.md)
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,15 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+To report security issues send an email to secp256k1-security@bitcoincore.org (not for support).
+
+The following keys may be used to communicate sensitive information to developers:
+
+| Name | Fingerprint |
+|------|-------------|
+| Pieter Wuille | 133E AC17 9436 F14A 5CF1  B794 860F EB80 4E66 9320 |
+| Andrew Poelstra | 699A 63EF C17A D3A9 A34C  FFC0 7AD0 A91C 40BD 0091 |
+| Tim Ruffing | 09E0 3F87 1092 E40E 106E  902B 33BC 86AB 80FF 5516 |
+
+You can import a key by running the following command with that individual’s fingerprint: `gpg --recv-keys "<fingerprint>"` Ensure that you put quotes around fingerprints containing spaces.