Security: protosphinx/jsonic

SECURITY.md

Security Policy

Reporting a Vulnerability

The Jsonic team takes security seriously. If you discover a security vulnerability in the Jsonic protocol, whitepaper, or any associated tooling, we appreciate your responsible disclosure.

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, please report them via one of the following channels:

What to Include

When reporting a vulnerability, please include:

  • A description of the vulnerability and its potential impact
  • Steps to reproduce the issue
  • Any relevant proof-of-concept code or screenshots
  • Your suggested fix, if you have one

Response Timeline

  • Acknowledgment: We will acknowledge receipt of your report within 72 hours
  • Assessment: We will provide an initial assessment within 7 days
  • Resolution: We aim to address confirmed vulnerabilities within 30 days, depending on complexity

Scope

This security policy covers:

  • The Jsonic protocol specification (whitepaper)
  • Smart contract designs and specifications
  • Any reference implementations or tooling in this repository

Recognition

We value the security research community and will acknowledge contributors who report valid vulnerabilities (with their permission) in our release notes.

Best Practices for Contributors

When contributing to Jsonic, please ensure:

  • No private keys, secrets, or credentials are committed to the repository
  • Cryptographic implementations follow established standards
  • Smart contract patterns follow known security best practices
  • Dependencies are kept up to date and free of known vulnerabilities
