The project is eager to work with the community to resolve security vulnerabilities in Zeek. The project strives to address security concerns in a timely manner and to properly acknowledge the contributor(s). Follow these steps to report a vulnerability:
- Please do not publicly disclose the vulnerability until the project has an opportunity to review and address the issue.
- Whenever possible, use the the PGP key below to ensure the message is encrypted.
- Email email@example.com with a description of the bug, the version of Zeek to which it applies, and any other necessary details to help diagnose the problem.
- The Zeek development team will confirm receipt of the report within two business days. It may take additional time to correct the issue.
- If an update is necessary the reporter will receive an acknowledgment in the Zeek distribution CHANGES file.
PGP Encryption Key
The following PGP encryption key is used specifically for reporting security vulnerabilities:
To get the key, follow this link, or retrieve it from any of the standard key servers.
Thank you for supporting Zeek’s security!