Skip to content

Security: Naveenub/zksn

Security

SECURITY.md

Security Policy

Reporting

Do NOT open public issues for security vulnerabilities.

Report via:

  1. GPG-encrypted email to key in keys/security.asc (preferred)
  2. GitHub Security Advisory (private, via Security tab)

Include: description, affected component, reproduction steps, severity assessment.

Response Timeline

Severity Definition Target
Critical Deanonymizes users, exposes IPs, compromises keys 7 days
High Breaks economic layer, degrades anonymity set 30 days
Medium DoS, non-privacy leaks 90 days
Low Everything else Best effort

Disclosure

Coordinated disclosure: fix first, disclose after. Reporter credited (or anonymous, by preference).

There aren’t any published security advisories