🚧 Under Construction 🚧

Security Policy

Overview

This is a project of Guardia and follows the Guardia Finance vulnerability handling process.

Guardia takes the security of this project seriously and welcomes responsible disclosures from the community. This document outlines our process for reporting, evaluating, and responding to security vulnerabilities.

Reporting a Vulnerability

If you have discovered a new vulnerability, please follow the Guardia vulnerability reporting process.

Secure Communication Channels

There are two secure channels for disclosure:

1. GitHub Security Advisories (Preferred)

You can privately report a vulnerability directly through GitHub by following these steps:

  • Navigate to the repository's main page
  • Click on the Security tab
  • Click "Report a vulnerability" under "Security advisories"
  • Complete the form with details of the issue

2. Email

Alternatively, you may contact us via:

security@guardia.finance

Include the following in your email:

  • A clear description of the vulnerability
  • Steps to reproduce it
  • Affected versions or components
  • Potential impact
  • Optional: Your PGP key if you prefer encrypted communication

Handling Process

Our process for managing reported vulnerabilities follows these stages:

  1. Triage & Confirmation – We reproduce the report, confirm the issue is valid and assess its severity
  2. Remediation Planning – We prioritize the issue and develop a fix
  3. Coordinated Disclosure – We agree the timing of public disclosure with the reporter once a fix is available
  4. Advisory Publication – We publish a security advisory for the fixed issue, crediting the reporter

Security Commitment

Guardia follows security guidelines for this project that include:

  • Signed commits and verified (signed) releases
  • Code reviews with a focus on secure design
  • CI/CD pipelines with automated vulnerability scanning
  • The principle of least privilege for services, credentials and CI permissions
  • Continuous monitoring of dependencies for known vulnerabilities

Responsible Disclosure Statement

We appreciate community efforts to improve our security posture. Please avoid public disclosure of any vulnerability before we have had a chance to respond. We are committed to transparent, respectful collaboration with security researchers.