c/quicproquo

Files

Christian Nennemann b98dcc27ae chore: rename quicproquo → quicprochat in SECURITY.md

2026-03-21 19:14:06 +01:00

987 B

Raw Blame History

Security Policy

Supported Versions

Only the current main branch is supported with security updates.

Reporting a Vulnerability

Do not use public GitHub issues to report security vulnerabilities.

Instead, email security@quicprochat.org with:

A description of the vulnerability
Steps to reproduce or a proof of concept
The affected component(s) and potential impact

We will acknowledge your report within 48 hours and work with you on a fix under a 90-day coordinated disclosure timeline.

What Qualifies

Cryptographic implementation bugs (MLS, Noise, hybrid KEM, key derivation)
Authentication or authorization bypass
Key material leakage (memory, logs, network)
Protocol-level flaws (replay, downgrade, impersonation)
Any issue that compromises message confidentiality or integrity

Credit

Reporters are credited in published security advisories unless they prefer to remain anonymous. Let us know your preference when you report.