-
Notifications
You must be signed in to change notification settings - Fork 39
How do I disclose a security vulnerability?
dominic-mulligan-arm edited this page Oct 31, 2020
·
1 revision
We have a defined policy for reporting security-critical vulnerabilities in Veracruz. We consider a bug or vulnerability "security-critical" when it can be used to exfiltrate confidential data from a Veracruz computation without using any mechanism that is not explicitly outside the scope of the Veracruz threat model, as discussed in What is the Veracruz threat model?
If you have indeed found such a bug, please report it directly via the e-mail alias [email protected].
Also: see the Veracruz homepage for the latest project news.