1<!-- 2Copyright (C) Internet Systems Consortium, Inc. ("ISC") 3 4SPDX-License-Identifier: MPL-2.0 5 6This Source Code Form is subject to the terms of the Mozilla Public 7License, v. 2.0. If a copy of the MPL was not distributed with this 8file, you can obtain one at https://mozilla.org/MPL/2.0/. 9 10See the COPYRIGHT file distributed with this work for additional 11information regarding copyright ownership. 12--> 13# Security Policy 14 15ISC's Security Vulnerability Disclosure Policy is documented in the 16relevant [ISC Knowledgebase article][1]. 17 18## Reporting possible security issues 19 20If you think you may be seeing a potential security vulnerability in 21BIND (for example, a crash with a REQUIRE, INSIST, or ASSERT failure), 22please report it immediately by [opening a confidential GitLab issue][2] 23(preferred) or emailing bind-security@isc.org. 24 25Please do not discuss undisclosed security vulnerabilities on any public 26mailing list. ISC has a long history of handling reported 27vulnerabilities promptly and effectively and we respect and acknowledge 28responsible reporters. 29 30If you have a crash, you may want to consult the Knowledgebase article 31entitled ["What to do if your BIND or DHCP server has crashed"][3]. 32 33[1]: https://kb.isc.org/docs/aa-00861 34[2]: https://gitlab.isc.org/isc-projects/bind9/-/issues/new?issue[confidential]=true&issuable_template=Bug 35[3]: https://kb.isc.org/docs/aa-00340 36