Skip to content

Security: wolfSSL/wolfssl

Security

.github/SECURITY.md

Security Policy

Reporting a Vulnerability

Use of the wolfSSL Vulnerability Report Template is mandatory. All security reports must use SECURITY-REPORT-TEMPLATE.md, with every required field completed. Reports that do not use the template, or that leave required fields incomplete, will not receive CVE consideration.

Submit the completed template to support@wolfssl.com. You may also send it to secure@wolfssl.com and encrypt it with our PGP key:

Fingerprint: A2A4 8E7B CB96 C5BE CB98 7314 EBC8 0E41 5CA2 9677
Key server: keys.openpgp.org

Non-template submissions may still be reviewed on the merits and, where appropriate, addressed as hardening fixes in a future release.

Please keep the vulnerability private until a fix has been released.

Full Policy

For the full policy — severity rubric, scope, coordinated-disclosure practice, and reporter credit — see SECURITY-POLICY.md. The same policy is also published at https://www.wolfssl.com/.well-known/vulnerability-disclosure-policy.txt so that other wolfSSL repositories can reference one canonical copy.

There aren't any published security advisories