This repository houses references, artifacts, policies and deliverables for maintenance and security of the Cosmos Stack.
Cosmos Labs' maintenance policy for the Cosmos Stack is detailed in:
- Canonical release family lifecycle/support policy: https://docs.cosmos.network/sdk/latest/release-family
- Security repository policy and process references: ./POLICY.md
As part of our coordinated vulnerability disclosure policy, we offer a Safe Harbor to all security researchers who work with us in good faith. Please visit our Bug Bounty program at https://hackerone.com/cosmos to learn more and to report any security issues you may discover in the Cosmos Stack.
Additionally, the @security alias at security@cosmoslabs.io is continuously monitored for security coordination.
You may have run across one of our advisories while working in the Cosmos Stack. For a complete list of all public advisories, see ADVISORIES.md.
Our team will also post public resources about security topics in the resources folder.