The following describes our procedure for addressing major and minor security concerns in snarkOS.
As Aleo is currently in the prototype stage and does not operate a platform intended for production use, our security procedures are designed to promote public disclosure and quick security resolution.
In preparation for the production stage, we will release new security guidelines and issue new procedures for addressing the disclosure of sensitive security vulnerabilities.
During Testnet I, all software bugs should be reported by filing a Github issue.
If you are unsure and would like to reach out to us directly, please email security _at_ aleo.org to elaborate on the issue.