Hyperledger Security Policy

Reporting a Security Bug

If you think you have discovered a security issue in any of the Hyperledger projects, we'd love to hear from you. We will take all security bugs seriously and if confirmed upon investigation we will patch it within a reasonable amount of time and release a public security bulletin discussing the impact and credit the discoverer.

Besu uses a dedicated security list: security-besu@lists.hyperledger.org.

The members are:

Gary Schulte, Consensys
Jason Frame, Consensys
Fabio Difabio, Consensys
Sally MacFarlane, Consensys
Karim Taam, Consensys
Ry Jones, Linux Foundation
Hart Montgomery, Linux Foundation
Danno Ferrin, independent

For how to report a security issue, and what happens next, refer to the Defect Response page.