At DeepChain, we take security seriously. If you believe you have found a security vulnerability, please report it to us as described below.
Please send emails to security@deepchain.io with the following information:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Any suggested fixes (if available)
- Initial Response: We will acknowledge receipt of your vulnerability report within 24 hours.
- Status Updates: We will provide regular updates about the progress of addressing the vulnerability.
- Resolution: Once fixed, we will notify you and discuss the details of public disclosure.
This security policy applies to:
- DeepChain core framework
- Official examples and documentation
- Deployment tools and scripts
- API endpoints and services
When using DeepChain, please follow these security guidelines:
-
API Keys and Credentials
- Never commit API keys to version control
- Use environment variables for sensitive data
- Rotate keys regularly
-
Network Security
- Use secure connections (HTTPS/WSS)
- Implement proper firewall rules
- Monitor network traffic
-
Access Control
- Implement proper authentication
- Use role-based access control
- Regular access reviews
-
Data Protection
- Encrypt sensitive data
- Regular backups
- Secure data transmission
-
Blockchain Security
- Secure key management
- Transaction signing best practices
- Smart contract auditing
-
Edge Device Security
- Secure boot process
- Regular security updates
- Device authentication
- Public disclosure will be coordinated with the reporter
- Credit will be given to the reporter (if desired)
- Details will be published after the fix is deployed
We regularly publish security updates. To stay informed:
- Watch our GitHub repository
- Follow our security announcements
- Subscribe to our security mailing list
For security issues: security@deepchain.io For general inquiries: support@deepchain.io