Skip to content

Security: RIPE-NCC/whois

SECURITY.md

Security Policy

Supported Versions

We maintain the latest version of Whois only.

Reporting a Vulnerability

Please read about our Responsible Disclosure Policy here: https://www.ripe.net/support/contact/responsible-disclosure-policy

What we request of you

If you find a security vulnerability in Whois.

  • Please do not share the issue with others until it has been resolved.
  • Please do not publish anything about the resolved issue unless this has been discussed with us.
  • Email your findings to security@ripe.net. Submitting a notification under a pseudonym is allowed. If you’d like to encrypt your email, you can use our public PGP key (https://www.ripe.net/support/contact/responsible-disclosure-policy/pgp-key-for-reporting-security-vulnerabilities).
  • Please provide sufficient information for us to reproduce the issue so that we can resolve it as soon as possible.
  • Please delete all confidential information obtained through the vulnerability as soon as possible after reporting it, but always after consulting us to make sure that we can reproduce the issue.

Disclaimer

The RIPE NCC has started with a formal Bug Bounty program with Intigriti. Currently this is an 'invite-only' program for security researchers that have registered with Intigriti. If you want to participate, please contact Intigriti Support.

You are only eligible for a bounty when participating through the Intigriti program.

There aren’t any published security advisories