How to report a vulnerability in the OptiVaults protocol, and the PGP key for encrypting sensitive technical details.
Email [email protected]
Encrypt with the PGP key below (strongly recommended for exploit details)
Do not open a public GitHub issue for security-sensitive findings
Verify this fingerprint out-of-band before trusting the key:
92F5 5B2F A2EF 0062 7FB2 882C 18ED 4E8F 3EFB 7F76
User ID OptiVaults Security <[email protected]>
Download: /.well-known/pgp-key.asc · import with gpg --import pgp-key.asc
-----BEGIN PGP PUBLIC KEY BLOCK----- mDMEagdEsBYJKwYBBAHaRw8BAQdAvV/wYTUOI2bRoGNuCHojsLzBdKI2HLlwdW0E ODh/B3K0Kk9wdGlWYXVsdHMgU2VjdXJpdHkgPG9wdGl2YXVsdHNAZ21haWwuY29t Poi1BBMWCgBdFiEEkvVbL6LvAGJ/sogsGO1Ojz77f3YFAmoHRLAbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAhsDBQkDwmcABQsJCAcCAiICBhUKCQgLAgQWAgMB Ah4HAheAAAoJEBjtTo8++3925DcA/jLQ10b63V9ndlcgni7LH0bJJQBGKdgywmQU dq/MG1eQAQD3JWbuKPZgTO8q3IW34tL4Yor8WecgOTfkkDKvWRpJC7g4BGoHRLAS CisGAQQBl1UBBQEBB0Dbz9ljnbRpHRktCHD8gHKJSXdlBX8K5qtiAmPURvIwIQMB CAeImgQYFgoAQhYhBJL1Wy+i7wBif7KILBjtTo8++392BQJqB0SwGxSAAAAAAAQA Dm1hbnUyLDIuNSsxLjEyLDAsMwIbDAUJA8JnAAAKCRAY7U6PPvt/dtgzAQCM4ZCG 7wmTT6xUJ8in+4CCxcZD1zkltJAXDnPpfBXHaQD8DPlSS8c3/PCy8egHM2fvindV T2RlJbbjI/m85Ik2HwM= =jACS -----END PGP PUBLIC KEY BLOCK-----
Full policy and recent fix write-ups: SECURITY.md. Machine-readable contact: /.well-known/security.txt.
協議相關的安全性發現,請寄到 [email protected], 強烈建議用上方 PGP 公鑰加密敏感的技術細節,請勿開公開 GitHub issue。 信任金鑰前請先以其他管道核對指紋。回應 SLA:24 小時內確認收到、72 小時內 triage、預設 90 天協調揭露窗口。 完整政策見 SECURITY.md。