We maintain the latest version of Whois only.
Please read about our Responsible Disclosure Policy here: https://www.ripe.net/support/contact/responsible-disclosure-policy
If you find a security vulnerability in Whois.
- Please do not share the issue with others until it has been resolved.
- Please do not publish anything about the resolved issue unless this has been discussed with us.
- Email your findings to security@ripe.net. Submitting a notification under a pseudonym is allowed. If you’d like to encrypt your email, you can use our public PGP key (https://www.ripe.net/support/contact/responsible-disclosure-policy/pgp-key-for-reporting-security-vulnerabilities).
- Please provide sufficient information for us to reproduce the issue so that we can resolve it as soon as possible.
- Please delete all confidential information obtained through the vulnerability as soon as possible after reporting it, but always after consulting us to make sure that we can reproduce the issue.
Disclaimer
The RIPE NCC has started with a formal Bug Bounty program with Intigriti. Currently this is an 'invite-only' program for security researchers that have registered with Intigriti. If you want to participate, please contact Intigriti Support.
You are only eligible for a bounty when participating through the Intigriti program.