| Version | Supported |
|---|---|
| 0.6.x | ✅ |
| < 0.6 | ❌ |

Please do NOT report security vulnerabilities through public GitHub issues.
Instead, please report them via email to: security@sip-protocol.org
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 1 week
- Resolution Timeline: Depends on severity
  - Critical: 24-48 hours
  - High: 1 week
  - Medium: 2 weeks
  - Low: Next release
- We follow a 90-day disclosure timeline
- We will coordinate disclosure with you
- Credit will be given unless you prefer anonymity

For users of SIP Protocol:
- Use hardware wallets for significant funds
- Never share private keys or seed phrases
- Verify URLs before connecting wallets
- Keep software updated
- @sip-protocol/sdk
- @sip-protocol/react
- @sip-protocol/cli
- @sip-protocol/api
- @sip-protocol/types
- sip-website
- Third-party dependencies (report to maintainers)
- Social engineering attacks
- Denial of service attacks

Coming soon. Details will be announced at https://sip-protocol.org/security