Report a Vulnerability
Encrypted disclosure channel for security researchers.
Encrypted contact
Email security@kuber-coin.com with a PGP-encrypted message.
The active security key fingerprint should match the DNS TXT record at
_security.kuber-coin.com before a report is sent.
What to include
- A clear description of the vulnerability and its potential impact.
- Reproduction steps, ideally with a minimal proof-of-concept.
- The affected component, version, and platform.
- Your preferred name (or anonymity preference) for acknowledgment.
Safe harbour
Good-faith research that respects user privacy, avoids destructive actions, and follows coordinated disclosure will not be subject to legal action by the KuberCoin maintainers.
What happens next
You will receive an acknowledgement within three business days. The triage outcome, severity classification and proposed embargo date will follow within seven business days. See the security policy for the full timeline.