If you discover a security vulnerability in Emerald, please report it privately and DO NOT open a public GitHub issue.
To report a vulnerability:
- Email:
security@informal.systems - Include a clear description of the issue
- Provide steps to reproduce, if possible
- Include affected versions, commit hashes, or configurations
- Add any relevant logs, PoCs, or screenshots
There is no bounty reward system in place for Emerald yet.
We follow a coordinated disclosure process:
- We acknowledge receipt of your report within a reasonable timeframe.
- We investigate and validate the issue.
- We develop and test a fix.
- We coordinate public disclosure after a fix is available.
Please allow us time to address the issue before making any public disclosures.
For the most up-to-date version of the policies that govern our approach to vulnerability disclosure, please consult the Gold Standard Safe Harbor Statement.
Thank you for helping keep Emerald secure.