Mintlayer runs a responsible disclosure program for security issues, as such all security issues should be reported to security@mintlayer.org or ben@mintlayer.org. If you disclose a valid security issue then you may be eligble for a bounty paid in MLT see the details here.

It's best to err on the side of caution, if you find something you think is security related but not eligible for the bounty or something you're not 100% sure about then let us know on the above email addresses anyway as we treat each report on a report by report basis so you may still be paid a bounty.

GPG keys for members for those you may speak to regarding security issues can be found on Mintlayer's team page, if the person has a key by their name then they could reply to you. If you click on the key you'll find their GPG key.

Security issues may not be publicly announced until Mintlayer agrees.