Security: wind-network/.github

SECURITY.md

Security Policy

Supported Versions

Version | Supported
0.1.0 | ✅

Reporting a Vulnerability

The Wind Network team takes security seriously. If you discover a security vulnerability, please follow these steps:

🔒 Private Disclosure

Do not open a public issue. Instead, please report security vulnerabilities via:

📋 What to Include

Please include the following information:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Suggested fix (if available)
  • Your contact information

⏱️ Response Timeline

  • Acknowledgment: Within 24 hours
  • Initial Assessment: Within 72 hours
  • Status Updates: Weekly until resolved
  • Resolution: Varies based on complexity

🎯 Scope

Security issues in the following components are in scope:

  • SNI (Solana Network Indexer)
  • Tide (Data Streaming Engine)
  • wIndexer (Core Indexing)
  • API endpoints and authentication
  • Data validation and sanitization
  • Network communication protocols

🚫 Out of Scope

  • Issues in third-party dependencies (report to upstream)
  • Social engineering attacks
  • Physical attacks
  • Denial of Service attacks requiring massive resources

🏆 Recognition

We maintain a security hall of fame for researchers who help improve our security:

  • Responsible disclosure recognition
  • Public acknowledgment (with permission)
  • Potential bounty rewards (to be announced)

📚 Security Best Practices

When using Wind Network products:

  • Keep software updated to the latest versions
  • Use secure configuration settings
  • Monitor security advisories
  • Follow the principle of least privilege
  • Conduct regular security audits

Security Updates

Security updates are published:

  • In release notes with severity ratings
  • Through GitHub security advisories
  • Via email notifications (for critical issues)
  • On our security page: https://windnetwork.ai/security

Thank you for helping keep Wind Network secure! 🔒

There aren't any published security advisories