In scope of this policy are all security-relevant bugs and errors found in the Tezos blockchain and in components of the Tezos ecosystem.
These include, but are not limited to, the following:
- Tezos nodes and protocol,
- Tezos standards, in their “Final” version: https://gitlab.com/tzip/tzip,
- Smart contracts and their programming languages,
- Block indexers and explorers,
- SKDs / language bindings.
Note: the Tezos Foundation infrastructure (web servers, DNS, email, etc.) is not part of this policy.
Should you have doubts as to the eligibility of your bug please contact the Tezos Foundation Security Team.