Security is a cornerstone of the Internet Computer, a blockchain that realizes the vision of a decentralized global computer running throughout the internet. Safeguarding this network is of the utmost importance, and the community’s participation in this effort is essential. The DFINITY Foundation’s newly launched Vulnerability Disclosure Program recognizes the contributions of researchers around the globe who help to ensure that the Internet Computer remains secure. The program provides guidelines and steps on how to responsibly disclose potential vulnerabilities. The DFINITY Security Team maintains this policy and coordinates the program. We will engage with you to understand and evaluate security bugs, as well as coordinate any corresponding fixes as may be necessary. Although the team will work hard to review submissions, as a small team, we have to prioritize our focus depending on the situation. Please be patient and continue to engage with us.
Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third-party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
The following domains are in scope for this program:
*This program relates to security vulnerabilities found on a) the DFINITY Foundation’s website properties, b) code developed, open source, or deployed by the DFINITY Foundation running on the Internet Computer, or c) Internet Computer Association’s web properties.