Dusk values the security and integrity of our open-source software libraries and strives to provide a secure experience for our users and partners. As part of our commitment to security, we have established a Coordinated Vulnerability Disclosure (CVD) process to ensure that any potential vulnerabilities in our technology are responsibly and promptly addressed.
If you discover a potential vulnerability in any of our software libraries, please follow these guidelines below to report it using GitHub’s vulnerability reporting feature:
- Do not publicly disclose the vulnerability or exploit it.
- Navigate to the main page of the affected repository on GitHub.com.
- Click “Security” under the repository name. If it’s not visible, select the dropdown menu, and then click “Security”.
- Click “Advisories” in the left sidebar under “Reporting”.
- Select “Report a vulnerability” to open the advisory form. Fill in the advisory form, including details about the affected library, version, vulnerability description, and reproduction steps.
- Our team will acknowledge receipt of the report within three working days and provide an estimated timeline for resolution.
- We will collaborate with the reporter to thoroughly understand, investigate and develop a fix for the vulnerability.
- After developing and deploying the fix, we will notify the reporter and any affected parties, as applicable.
- Our team will publicly disclose the vulnerability and the steps taken to address it. The reporter and the associated organization will be thanked and acknowledged for their efforts and contribution.
By adhering to this process, we can work together to ensure the security and integrity of our open-source libraries, safeguarding the assets of our users and partners. We appreciate your efforts in helping us maintain the security of our technology.