Security: macan88/polkadot-sdk

SECURITY.md

Security Policy

Parity Technologies is committed to resolving security vulnerabilities in our software quickly and carefully. We take the necessary steps to minimize risk, provide timely information, and deliver vulnerability fixes and mitigations required to address security issues.

Sourcing Security Information

The Polkadot Security Hub is a resource for all things security in the Polkadot ecosystem. There you can discover Security Vulnerabilities Disclosures, learn in detail about Common Security Vulnerabilities, and find information on how to securely test your Polkadot project, which audits have been conducted, and how to get involved in the security of Polkadot.

Responsible Investigation and Reporting

Responsible investigation and reporting includes, but isn't limited to, the following:

  • Initially report the bug only to us and not to anyone else.
  • Give us a reasonable amount of time to fix the bug before disclosing without authorization, as rewards are not paid before a fix has been created and deployed.
  • Don’t make repeat submissions of low quality, rejected or automated vulnerability reports. You will put yourself at risk of being banned permanently.
  • Don’t defraud or harm Parity Technologies or Polkadot or its users during your research; you should make a good faith effort to not interrupt or degrade our and the network's services. Investigate and report bugs in a way that makes a reasonable, good faith effort not to be disruptive or harmful to us or our users. Otherwise, your actions might be interpreted as an attack rather than an effort to be helpful.
  • Don't target our physical security measures, or attempt to use social engineering, spam, distributed denial of service (DDoS) attacks, etc.
  • Don't violate the privacy of other users, destroy data, etc.

Parity's Bug Bounty Program

Parity's Bug Bounty Program allows us to recognize and reward members of the Polkadot ecosystem for helping us find and address significant bugs, in accordance with the terms of the program. Submissions to the program WILL only be considered if they are made through the form linked on the program website.

A detailed description of scope, eligibility, rewards, legal information and terms & conditions for contributors can be found on Parity's website.

There aren’t any published security advisories