Security Reporting

Security Reporting 

The project is eager to work with the community to resolve security vulnerabilities in Zeek. The project strives to address security concerns in a timely manner and to properly acknowledge the contributor(s). Follow these steps to report a vulnerability:

  • Please do not publicly disclose the vulnerability until the project has an opportunity to review and address the issue.
  • Whenever possible, use the the PGP key below to ensure the message is encrypted.
  • Email security@zeek.org with a description of the bug, the version of Zeek to which it applies, and any other necessary details to help diagnose the problem.
  • The Zeek development team will confirm receipt of the report within two business days. It may take additional time to correct the issue.
  • If an update is necessary the reporter will receive an acknowledgment in the Zeek distribution CHANGES file.

PGP Encryption Key

The following PGP encryption key is used specifically for reporting security vulnerabilities:

To get the key, follow this link, or retrieve it from any of the standard key servers.

Thank you for supporting Zeek’s security!