Skip to content

Security: Concordium/concordium.github.io

Security

.github/SECURITY.md

Security Policy

We appreciate your time and effort in responsibly reporting any security vulnerabilities you may find on our blockchain or in the related tooling.

Reporting a Vulnerability

Please write an email to security@concordium.com.

Do not create a public bug ticket mentioning the vulnerability or discuss it publically before we got the chance to fix it and coordinate disclosure.

Your mail report should include the following information:

  • description of the vulnerability
  • clear steps to reproduce
  • potential impact
  • attack scenario (if any)
  • affected components
  • github username

You'll receive a first response to your email after one working day. If applicable, a new security advisory will be opened and all further communication will proceed there with you as invited collaborator.

Before writing to us, please check out of scope and previously published security advisories.

🙏 Thank you 🙏

Out of Scope

Eligibility

We may reward reports of critical or high severity.

There aren’t any published security advisories