What's your security vulnerability disclosure policy?

Hello free5GC Team,

we have found a security vulnerability in free5GC and would like to report it to you. Which communication channel do you prefer to be informed about it?

Best regards
Tobias Funke, Radix Security

Github issue: https://github.com/free5gc/free5gc/issues/417

Any updates on this question? @free5GC

Hi @tobiasfunke1 ,

It will be great to contact the team through [email protected].

Hi @pcbenlin,

thanks for your answer. I already wrote a message to this email address on Dec 19, 2022 and received this auto-reply message:

Thank you very much for your interest in free5GC. Except for stage 1, the license of free5GC follows Apache 2.0. That is, anyone can use free5GC for commercial purposes for free. We will not charge any license fee.

For technical questions, please ask on our official forum: https://forum.free5gc.org. Again, please ask your technical questions on the free5GC forum. You won’t receive any answers by email for technical questions.

Many Thanks.
free5GC Support Team

Since it’s probably a technical question, I created a ticket on GitHub on Dec 21, 2022 with the same question and also a question on the forum on Jan 29, 2023. So far I have not received a response through any channel.

Hi @tobiasfunke1,

You could try this email ([email protected]).

Hi @pcbenlin,

Thanks for the nice offer, but I would prefer to send the report directly to the security team. If you could provide me with a contact, I would be very grateful.