Skip to content

Security: ixofoundation/ixo-blockchain

Security

SECURITY.md

IXO Security Policy

The IXO core team and community takes all security issues and vulnerabilities very seriously.

Thanks for improving the security of IXO. We appreciate your efforts. Following these responsible disclosure guidelines will make sure your contribution is acknowledged.

Please report security vulnerabilities to [email protected] or [email protected]. Please avoid opening a public Github issue or posting on social media or Discord.

The IXO team will respond with the next steps following the email. The team will keep you informed on the remediation process and may ask for additional guidance/information.

Please include the following in your report:

  • Your name/affiliation (if any)
  • Description of the technical details of the vulnerability, including how to reproduce.
  • An explanation of who can exploit this vulnerability, including possible attack scenarios.
  • Whether this vulnerability is public or known to third parties.

Vulnerability Disclosure Policy

The core team asks security researchers to keep communications around vulnerabilities private and confidential until a patch is ready.

Additionally, we request:

  • Allow a reasonable amount of time to correct and address the issue.
  • Avoid exploiting the vulnerability.
  • Demonstrate good faith by not disrupting IXO's network, data, or services.

Vulnerability Disclosure Process

Once a report is received, the following process will be followed:

  • The IXO core team will work to verify the issue.
  • Work on a patch in a private repository.
  • Notify the community and validators that a security update is coming, giving ample time to upgrade and apply the patch.

Every effort will be made to handle disclosures in a timely manner. It's very important to follow the above process for vulnerabilities to be handled quickly and effectively.

There aren’t any published security advisories