diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..ef06884bb2 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,42 @@ +# Security Policy + +## Reporting a Vulnerability + +If you discover a security vulnerability in the Bittensor protocol, SDK, or any of its components, we strongly encourage you to report it responsibly. + +Please **do not publicly disclose** the vulnerability until we have had a reasonable chance to address it. + +### ๐Ÿ” Confidential Reporting + +To report a vulnerability, you can use any of the following methods: + +- Create a [GitHub Issue](https://github.com/opentensor/bittensor/issues) using the `Security` label or title. + +- Contact us via our official Discord support thread: [#btcli-btsdk](https://discord.com/channels/1120750674595024897/1242999357436071956) + +### ๐Ÿงพ What to Include + +When reporting a vulnerability, please provide as much detail as possible: + +- Affected component (e.g., `bittensor`, `bittensor-cli`, `bittensor-wallet`, etc.) +- Version or commit hash +- Description of the vulnerability +- Steps to reproduce (if possible) +- Impact assessment +- Any potential mitigations or recommendations + +--- + +## Response Process + +1. We will acknowledge your report within **48 hours**. +2. We will investigate and confirm the issue. +3. If confirmed, we will coordinate on a fix and set an embargo period if needed. +4. A fix will be developed, tested, and released as soon as possible. +5. You will be credited (if you wish) in the security section of our release notes. + +--- + +## Thank You + +We appreciate your efforts in keeping the Bittensor ecosystem secure and responsible.
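Review bot: the "Confidential Reporting" section offers only a GitHub Issue with the `Security` label and a shared Discord support thread, and neither is a confidential channel, which contradicts the earlier request to "**do not publicly disclose**" the vulnerability. A reporter who follows the first method publishes the description and reproduction steps in the project's issue tracker before any fix exists. Suggest replacing these with a private route, for example GitHub's private vulnerability reporting on the repository or a dedicated security contact address, and pointing the public issue tracker at non-sensitive bugs only. This also matters for step 3 of the Response Process: an embargo period can only hold if the initial report was made privately.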