# Security Policy

## Reporting a vulnerability
If you have discovered a vulnerability within Cuprate, please do not open a GitHub issue or announce it publicly.

Please contact us directly by email using our PGP keys in the [`gpg_keys/`](misc/gpg_keys/) directory or via an encrypted Matrix channel.

Thanks for being quiet.

## Contact
Please disclose vulnerabilities to one of the trusted maintainers below:

| Trusted maintainer | PGP key | Email address | Matrix ID |
|--------------------|---------|---------------|-----------|
| [Boog900](https://github.com/Boog900) | [`boog900.asc`](misc/gpg_keys/boog900.asc) | `boog900@tutanota.com` | `@boog900:monero.social`