<!--
Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.

SPDX-License-Identifier: curl
-->

# Security Policy

Read our [Vulnerability Disclosure Policy](docs/VULN-DISCLOSURE-POLICY.md).

## Reporting a Vulnerability

If you have found or just suspect a security problem somewhere in curl or
libcurl, report it on [HackerOne](https://hackerone.com/curl).

We treat security issues with confidentiality until controlled and disclosed responsibly.