When conducting vulnerability research according to this policy, the Tezos Foundation considers this research conducted under this policy to be:
- Authorized in view of any applicable anti-hacking laws, and it will not initiate or support legal action against a security researcher for accidental, good faith violations of this policy
- Authorized in view of relevant anti-circumvention laws, and it will not bring a claim against security researchers for circumvention of technology controls
- Exempt from restrictions in the Tezos Foundation’s policy that would interfere with conducting security research, and it waives those restrictions on a limited basis
- Lawful, helpful to the overall security of the Tezos blockchain and conducted in good faith
Security researchers are expected, as always, to comply with all applicable laws. If legal action is initiated by a third party against a security researcher and the security researcher has complied with this policy, we will take steps to make it known that the security researcher’s actions were conducted in compliance with this policy.
If at any time one has concerns or is uncertain whether its security research is consistent with this policy, please submit a report through one of the Tezos Foundation’s channels outlined in section below “How to report” before going any further.