From 19d7bd9f84aaca7e736aa3eaf1f6d8ac9cbf50ec Mon Sep 17 00:00:00 2001 From: Ethan Frey Date: Wed, 5 Jan 2022 11:02:37 +0100 Subject: [PATCH] New SECURITY.md refering to wasmd --- SECURITY.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..1b10ff8e5 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,18 @@ +# Security Policy + +## Supported Versions + +cw-plus is still pre v1.0. A best effort has been made that the contracts here are secure, and we have moved the more +experimental contracts into community repositories like [cw-nfts](https://github.com/CosmWasm/cw-nfts) and +[cw-tokens](https://github.com/CosmWasm/cw-tokens). That said, we have not done an audit on them (formal or informal) +and you can use them at your own risk. We highly suggest doing your own audit on any contract you plan to deploy +with significant token value, and please inform us if it detects any issues so we can upstream them. + +Until v1.0 APIs are subject to change. The contracts APIs are pretty much stable, most work is currently +in `storage-plus` and `multi-test`. + +## Reporting a Vulnerability + +We have a [unified security policy](https://github.com/CosmWasm/wasmd/blob/master/SECURITY.md) +for all CosmWasm-related repositories maintained by Confio. +You can [read it here](https://github.com/CosmWasm/wasmd/blob/master/SECURITY.md)