Python Cryptographic Authority

This page can be used for reporting security vulnerabilities in any of the Python Cryptographic Authority family of libraries.

Because we're building libraries for security, we take a very broad view of what constitutes a security vulnerability. Our definition for a vulnerability is:

> Anytime it’s possible to write code using the library's public API which does not provide the guarantees that a reasonable developer would expect it to based on our documentation.

For our web properties we are interested in any typical web vulnerabilities. Please note that our websites are all (so far as we know) static.

Disclosure policy

  • Please report issues here, with enough information for us to reproduce (or analytically understand) and for us to resolve them.

  • We'll endeavor to respond as quickly as possible, and come up with a solution.

  • For issues in our open source libraries, we'll always credit reporters in our changelog and in CVEs.

  • For issues with no security impact, please file a bug in our public issue tracker.

Exclusions

The following findings do not qualify:

  • Web vulnerabilities that do not impact modern browsers (i.e. a vulnerability that only impacts IE9 would not qualify).

  • Clickjacking on domains that do not contain any state.

  • Lack of CAA records.

  • Mail spoofing issues.

In Scope

| Scope Type | Scope Name |
| --- | --- |
| web_application | *.pyopenssl.org |
| web_application | *.cryptography.io |
| web_application | https://github.com/pyca/pyopenssl |
| web_application | https://github.com/pyca/bcrypt |
| web_application | https://github.com/pyca/pynacl |
| web_application | https://github.com/pyca/cryptography |
| web_application | https://github.com/pyca/infra |


The program was crawled by Firebounty on 2019-04-25 and updated on 2019-08-06. 3 reports have been received so far.
