
Security - Everything Curl

Curl takes security seriously and works hard to provide secure implementations of protocols. When security issues are discovered, curl aims to provide fixes in the next pending release and notifies vendors before public announcement to limit exploitation. Curl documents all past security problems thoroughly to help users determine vulnerabilities for their version and use case. It presents a chart and complete list of all known security issues to aid transparency.


21.8.2020 Security - Everything curl

Security

Security is a primary concern for us in the curl project. We take it seriously and we work hard on
providing secure and safe implementations of all protocols and related code. As soon as we learn
about a security-related problem, or even just a suspected problem, we deal with it and we
will attempt to provide a fix and security notice no later than in the next pending release.

We use a responsible disclosure policy, meaning that we prefer to discuss and work on security
fixes out of the public eye and we alert the vendors on the openwall.org list a few days before we
announce the problem and fix to the world. We do this in an attempt to shorten the time span during
which the bad guys can take advantage of a problem until a fixed version has been deployed.

Past security problems

Over the years we have had our fair share of security-related problems. We work hard on
documenting every problem thoroughly, with all details listed and clearly stated to aid users.
Users of curl should be able to figure out which problems their particular curl versions and use
cases are vulnerable to.

To help with this, we present this waterfall chart showing which curl versions each vulnerability
affects, and we have this complete list of all known security problems since the birth of this
project.

https://ec.haxx.se/curl/curl-security
