mirror of https://github.com/nucypher/nucypher.git
19 lines
1.2 KiB
Markdown
19 lines
1.2 KiB
Markdown
|
# Security Policy
|
||
|
|
|
||
|
|
## Reporting a Vulnerability
|
||
|
|
|
||
|
|
If you identify vulnerabilities with _any_ nucypher code, please email security@nucypher.com with relevant information to your findings.
|
||
|
|
We will work with researchers to coordinate vulnerability disclosure between our stakers, partners, and users to ensure successful mitigation of vulnerabilities.
|
||
|
|
|
||
|
|
Throughout the reporting process, we expect researchers to honor an embargo period that may vary depending on the severity of the disclosure.
|
||
|
|
This ensures that we have the opportunity to fix any issues, identify further issues (if any), and inform our users.
|
||
|
|
|
||
|
|
Sometimes vulnerabilities are of a more sensitive nature and require extra precautions.
|
||
|
|
We are happy to work together to use a more secure medium, such as Signal.
|
||
|
|
Email security@nucypher.com and we will coordinate a communication channel that we're both comfortable with.
|
||
|
|
|
||
|
|
A great place to begin your research is by working on our testnet.
|
||
|
|
Please see our [documentation](https://docs.nucypher.com) to get started.
|
||
|
|
We ask that you please respect network machines and their owners.
|
||
|
|
If you find a vulnerability that you suspect has given you access to a machine against the owner's permission, stop what you're doing and immediately email security@nucypher.com.
|