If you believe you have found a security vulnerability in Stride, you can report it to our primary vulnerability disclosure email security@stridelabs.co.
Please include the issue details, reproduction, impact, and other information. Please submit only one unique email thread per vulnerability.
Artifacts from an email report are saved at the time the email is triaged. Please note: our team is not able to monitor dynamic content (e.g. a Google Docs link that is edited after receipt) throughout the lifecycle of a report. If you would like to share additional information or modify previous information, please include it in an additional reply as an additional attachment.
Please DO NOT file a public issue in this repository to report a security vulnerability.
We require that all researchers:
- Abide by this policy to disclose vulnerabilities, and avoid posting vulnerability information in public places, including GitHub, Discord, Telegram, and Twitter. Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems (including but not limited to the Cosmos Hub), and destruction of data.
- Keep any information about vulnerabilities that you’ve discovered confidential between yourself and the Stride engineering team until the issue has been resolved and disclosed.
- Avoid posting personally identifiable information, privately or publicly.
If you follow these guidelines when reporting an issue to us, we commit to:
- Work with you to understand, resolve and ultimately disclose the issue in a timely fashion