Security Reporting

Security Reporting 

The project is eager to work with the community to resolve security vulnerabilities in Zeek. The project strives to address security concerns in a timely manner and to properly acknowledge the contributor(s). Follow these steps to report a vulnerability:

  • Please do not publicly disclose the vulnerability until the project has an opportunity to review and address the issue.
  • Whenever possible, use the the PGP key below to ensure the message is encrypted.
  • Email security@zeek.org with a description of the bug, the version of Zeek to which it applies, and any other necessary details to help diagnose the problem.
  • The Zeek development team will confirm receipt of the report within two business days. It may take additional time to correct the issue.
  • If an update is necessary the reporter will receive an acknowledgment in the Zeek distribution CHANGES file.

PGP Encryption Key

The following PGP encryption key is used specifically for reporting security vulnerabilities:

pub   rsa4096/0xA7D41CE47ADF36F3 2015-01-05 [SC] [expires: 2022-01-21]
      B0A23534168BD61E53ADAF00A7D41CE47ADF36F3
uid                   Zeek Security Team <security@zeek.org>
uid                   Bro Security Team <security@bro.org>
sub   rsa4096/0x7F8742982A569E09 2015-01-05 [E] [expires: 2022-01-21]

To get the key, follow this link, or retrieve it from any of the standard key servers.

Thank you for supporting Zeek’s security!

Get Zeek
Downloads
Zeek GitHub
Add-on Packages
Try Zeek Online

Documentation
Feature Release
LTS Release
Dev Version
Dev Resources

Community
Getting Started
Twitter
Youtube
Mailing Lists
Slack
GitHub Issues
Security Reporting
Contact Us

Events
Upcoming Events
Calendar
Past Events

Blog

About
About Zeek
Leadership Team
Code of Conduct
Slack Guidelines