Security

Reporting Vulnerabilities

Please refrain from discussing potential security issues in any mailing lists or public forums. Instead, work with the Security Officer Team to determine the impact and resolution of the vulnerability.

Code: If you find a security vulnerability in any of NTF's Project codebases, please report it by PGP-encrypted email to that project's security address.

Pool: Issues for "pool.ntp.org" and its subdomains should be reported to the NTP Pool Project.

Other: Non-code vulnerabilities (such as a website issue) should be reported to webmaster.

Project-Specific Security Addresses

When reporting a vulnerability in a codebase, please use the security email address for the Project with the code vulnerability. You can encrypt your email using the NTF Security Officer PGP Key.