Security Reporting
Security Reporting
The project is eager to work with the community to resolve security vulnerabilities in Zeek. The project strives to address security concerns in a timely manner and to properly acknowledge the contributor(s). Follow these steps to report a vulnerability:
- Please do not publicly disclose the vulnerability until the project has an opportunity to review and address the issue.
- Email security@zeek.org with a description of the bug, the version of Zeek to which it applies, and any other necessary details to help diagnose the problem.
- Please send one plain-text, unencrypted, email for each vulnerability you are reporting.
- The Zeek development team will confirm receipt of the report within two business days. It may take additional time to correct the issue.
- If an update is necessary the reporter will receive an acknowledgment in the Zeek distribution CHANGES file.
Please see Zeek’s security release process for more information on how we handle security issues.