This security policy applies to the "core" crates in the rust-kaon ecosystem, which are kaon, secp256k1, kaon_hashes and kaon-internals. These crates deal with cryptography and cryptographic algorithms, and as such, are likely locations for security vulnerabilities to crop up.

As a general rule, an issue is a security vulnerability if it could lead to:

• Loss of funds
• Loss of privacy
• Censorship (including e.g. by attaching an incorrectly low fee to a transaction)
• Any "ordinary" security problem, such as remote code execution or invalid memory access

In general, use your best judgement in determining whether an issue is a security issue. If not, go ahead and post it to the public issue tracker.

If you believe you are aware of a security issue, please contact our team at [email protected].