github.com/KYVENetwork/cometbft/v38@v38.0.3/SECURITY.md (about)

# How to Report a Security Bug

If you believe you have found a security vulnerability in the Interchain Stack,
you can report it to our primary vulnerability disclosure channel, the [Cosmos
HackerOne Bug Bounty program][h1].

If you prefer to report an issue via email, you may send a bug report to
<security@interchain.io> with the issue details, reproduction, impact, and other
information. Please submit only one unique email thread per vulnerability. Any
issues reported via email are ineligible for bounty rewards.

Artifacts from an email report are saved at the time the email is triaged.
Please note: our team is not able to monitor dynamic content (e.g. a Google Docs
link that is edited after receipt) throughout the lifecycle of a report. If you
would like to share additional information or modify previous information,
please include it in an additional reply as an additional attachment.

Please **DO NOT** file a public issue in this repository to report a security
vulnerability.

## Coordinated Vulnerability Disclosure Policy and Safe Harbor

For the most up-to-date version of the policies that govern vulnerability
disclosure, please consult the [HackerOne program page][h1-policy].

The policy hosted on HackerOne is the official Coordinated Vulnerability
Disclosure policy and Safe Harbor for the Interchain Stack, and the teams and
infrastructure it supports, and it supersedes previous security policies that
have been used in the past by individual teams and projects with targets in
scope of the program.

[h1]: https://hackerone.com/cosmos?type=team
[h1-policy]: https://hackerone.com/cosmos?type=team&view_policy=true