If you think you have discovered a security issue in this project, we'd love to hear from you. We will take all security bugs seriously and if confirmed upon investigation we will patch it within a reasonable amount of time and release a public security bulletin discussing the impact and credit the discoverer.

Please send the description of the flaw and any related information (e.g. reproduction steps, version) to surnet dot org at gmail dot com.

The other way is to file a confidential security bug in our JIRA bug tracking system. Be sure to set the “Security Level” to “Security issue”.

The process by which the Hyperledger Security Team handles security bugs is documented further in our Defect Response page on our wiki.