You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The Rooch dev team takes the security of our project seriously. We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions.
To report a security vulnerability, please use the GitHub Security Advisory **"Report a security vulnerability"** feature.
**Please do not report security vulnerabilities through public GitHub issues.**
When reporting a vulnerability, please provide as much information as possible, including:
1. A description of the vulnerability
2. Steps to reproduce the issue
3. Potential impact of the vulnerability
4. Any potential mitigations you've identified
## Response Time
We will acknowledge receipt of your vulnerability report within 3 business days and will send you regular updates about our progress.
## Disclosure Policy
When we receive a security bug report, we will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps:
1. Confirm the problem and determine the affected versions.
2. Audit code to find any potential similar problems.
3. Prepare fixes for all releases still under maintenance.
4. Release new versions and update the public repository.
## Comments on this Policy
If you have suggestions on how this process could be improved, please submit a pull request.
Thank you for helping keep Rooch and our users safe!
