
Security: w8mej/GhostTelemetry


Security Policy

Supported Versions

We support the latest version of GhostTelemetry.

Version Supported
1.0.x
< 1.0

Reporting a Vulnerability

We take the security of GhostTelemetry seriously. If you discover a security vulnerability, please do not disclose it publicly.

Private Disclosure Process

  1. Email: Send a detailed description of the vulnerability to ghost@haxx.ninja.
  2. Encryption: If possible, please encrypt your message using my PGP key (available upon request).
  3. Response: We will acknowledge your report within 48 hours and provide a timeline for triage and remediation.

What to Include

  • Description of the vulnerability.
  • Steps to reproduce.
  • Potential impact.
  • Proof of concept (PoC) code or screenshots.

Our Commitment

  • We will keep you informed of our progress.
  • We will not pursue legal action against researchers who follow this policy and practice responsible disclosure.
  • We will acknowledge your contribution in our release notes (with your permission).

TEE Specific Concerns

If you find a vulnerability related to:

  • Attestation bypass
  • Side-channel leakage
  • Ledger immutability compromise

please mark the subject line as [CRITICAL] TEE VULNERABILITY.
