[tor-dev] Responsible disclosure

Bram de Boer bram at nosur.com
Thu Sep 18 20:59:44 UTC 2014


How can I responsibly report a bug that might affect security (e.g. possibility to DoS Tor nodes)? I searched the torproject.org website, but couldn't find any pointers with respect to responsible disclosure.

Do I just file a trac ticket and/or drop it in this mailinglist? Do I report it directly to some of the key players in this project (Roger, Nick, etc.)?


More information about the tor-dev mailing list