KuberCoin Docs

Security Policy

Vulnerability disclosure process and response timelines.

Scope

This policy covers the reference node, the Rust and TypeScript client SDKs, and the public-facing infrastructure under *.kuber-coin.com. Third-party wallets, exchanges and pools are out of scope.

Reporting a vulnerability

Send encrypted reports through the channel documented on the vulnerability report page. Please do not open public discussion threads for unpatched issues.

Response timelines

  • Acknowledgement: within 3 business days.
  • Initial triage: within 7 business days.
  • Fix or mitigation: targeted within 90 days from acknowledgement.
  • Coordinated disclosure: a fixed embargo date is set jointly with the reporter.

Severity rubric

  • Critical. Consensus failure, fund loss, or remote code execution on the reference node.
  • High. Denial of service against a majority of nodes, or wallet key extraction.
  • Medium. Cross-site scripting on a hosted surface, or inflation of confirmation latency.
  • Low. Information disclosure with no privilege escalation.

Acknowledgments

Researchers who follow coordinated disclosure are listed, with their permission, on the acknowledgments page.

The public audit package is summarized on the audit scope page.