Security vulnerability reporting
Submit vulnerabilities privately
Do NOT discuss potential security vulnerabilities on the issue tracker, public forums or open discussion channels. Submit sensitive issues privately to the Nano Foundation for review.
If you discover a bug you believe to pose a security risk to the Nano network, please contact security@nano.org with a proof of concept with full details of the bug including:
- Repository of the bug
- High-level summary
- Detailed description
- Steps to reproduce
- Supporting material/references
- The potential security impact of the bug
It is strongly recommended to encrypt the email using GPG and the pubkeys for this purpose can be found on the SECURITY file in the node repository. The Nano Foundation will work to determine potential impacts and coordinate resolution in a node release.