If you suspect you have found a security defect in BIND or DHCP, or if you wish to inquire about a security issue that you have learned about which has not yet been publicly announced, ISC encourages you to get in touch with our Security Officer using the security-officer@isc.org e-mail address.
However, plain-text e-mail is not a secure choice for communications concerning undisclosed security issues so we ask that you please encrypt your communications to us using the ISC Security Officer public key.
Learn more about Security Vulnerability Disclosure Policy at https://kb.isc.org/article/AA-00861/0
Reporting a Bug
- To report a bug in BIND, other than a security issue, please contact us via bind9-bugs@isc.org
- To report a bug in ISC DHCP, other than a security issue, please contact us via dhcp-bugs@isc.org
For listing of security vulnerabilities about BIND 9, visit ISC’s Knowledge Base’s BIND 9 Vulnerabilities Matrix.
As of Oct, 2010 ISC is now using the CVSS, a program of first.org and NIST, to determine the severity of potential security issues.
BIND
Source: BIND Security Advisory
Source: BIND Security Advisory
ISC DHCP
Source: DHCP Security Advisory
Source: DHCP Security Advisory