qubes-doc/security-info/security.md

---
layout: default
title: Security
permalink: /security/
redirect_from: 
- /en/security/
- /en/doc/security/
- /en/doc/qubes-security/
- /doc/QubesSecurity/
- /wiki/QubesSecurity/
- /en/doc/security-page/
- /doc/SecurityPage/
- /wiki/SecurityPage/
- /trac/wiki/SecurityPage/
---

Qubes OS Project Security Center
================================

-   [Security FAQ](/faq/#general--security)
-   [Security Goals](/security/goals/)
-   [Security Pack](/security/pack/)
-   [Security Bulletins](/security/bulletins/)
-   [Canaries](/security/canaries/)
-   [Xen Security Advisory (XSA) Tracker](/security/xsa/)
-   [Why and How to Verify Signatures](/security/verifying-signatures/)
-   [PGP Keys](https://keys.qubes-os.org/keys/)

Reporting Security Issues in Qubes OS
-------------------------------------

If you believe you have found a security issue affecting Qubes OS, either directly or indirectly (e.g. the issue affects Xen in a configuration that is used in Qubes OS), then we would be more than happy to hear from you!

We promise to treat any reported issue seriously and, if the investigation confirms it affects Qubes, to patch it within a reasonable time, release a public Security Bulletin that describes the issue, discuss potential impact of the vulnerability, reference applicable patches or workarounds, and credit the discoverer.

The list of all Qubes Security Advisories published so far can be found [here](/security/bulletins/).

The Qubes Security Team
-----------------------

The Qubes Security Team can be contacted via email using the following address:

~~~
security at qubes-os dot org
~~~

### Qubes Security Team GPG Key ###

Please use [this GPG key](https://keys.qubes-os.org/keys/qubes-os-security-team-key.asc) to encrypt any emails sent to this address. Like all GPG keys used by the Qubes project, this key is signed by the Qubes Master key. Please see [this page](/security/verifying-signatures/) for more information on how to verify the keys.

### Members of the Security Team ###

-   Joanna Rutkowska \<joanna at invisiblethingslab dot com\>
-   Marek Marczykowski \<marmarek at invisiblethingslab dot com\>
Reorganize security info pages 2017-03-18 22:31:12 -04:00			`---`
			`layout: default`
			`title: Security`
			`permalink: /security/`
			`redirect_from:`
			`- /en/security/`
			`- /en/doc/security/`
			`- /en/doc/qubes-security/`
			`- /doc/QubesSecurity/`
			`- /wiki/QubesSecurity/`
			`- /en/doc/security-page/`
			`- /doc/SecurityPage/`
			`- /wiki/SecurityPage/`
			`- /trac/wiki/SecurityPage/`
			`---`

			`Qubes OS Project Security Center`
			`================================`

Add link to Security FAQ (QubesOS/qubes-issues#2704) 2017-11-16 01:07:22 -05:00			`- [Security FAQ](/faq/#general--security)`
Reorganize security info pages 2017-03-18 22:31:12 -04:00			`- [Security Goals](/security/goals/)`
			`- [Security Pack](/security/pack/)`
			`- [Security Bulletins](/security/bulletins/)`
			`- [Canaries](/security/canaries/)`
			`- [Xen Security Advisory (XSA) Tracker](/security/xsa/)`
			`- [Why and How to Verify Signatures](/security/verifying-signatures/)`
Update security.md 2017-05-03 05:53:36 -04:00			`- [PGP Keys](https://keys.qubes-os.org/keys/)`
Reorganize security info pages 2017-03-18 22:31:12 -04:00
			`Reporting Security Issues in Qubes OS`
			`-------------------------------------`

Update security.md 2017-04-17 20:18:46 -04:00			`If you believe you have found a security issue affecting Qubes OS, either directly or indirectly (e.g. the issue affects Xen in a configuration that is used in Qubes OS), then we would be more than happy to hear from you!`
Reorganize security info pages 2017-03-18 22:31:12 -04:00
Edit security.md Rewrote two sentences + some misc grammar fixes/wording changes. 2017-04-16 20:12:31 -04:00			`We promise to treat any reported issue seriously and, if the investigation confirms it affects Qubes, to patch it within a reasonable time, release a public Security Bulletin that describes the issue, discuss potential impact of the vulnerability, reference applicable patches or workarounds, and credit the discoverer.`
Reorganize security info pages 2017-03-18 22:31:12 -04:00
			`The list of all Qubes Security Advisories published so far can be found [here](/security/bulletins/).`

			`The Qubes Security Team`
			`-----------------------`

			`The Qubes Security Team can be contacted via email using the following address:`

			`~~~`
			`security at qubes-os dot org`
			`~~~`

			`### Qubes Security Team GPG Key ###`

Update security.md 2017-05-03 05:53:36 -04:00			`Please use [this GPG key](https://keys.qubes-os.org/keys/qubes-os-security-team-key.asc) to encrypt any emails sent to this address. Like all GPG keys used by the Qubes project, this key is signed by the Qubes Master key. Please see [this page](/security/verifying-signatures/) for more information on how to verify the keys.`
Reorganize security info pages 2017-03-18 22:31:12 -04:00
			`### Members of the Security Team ###`

			`- Joanna Rutkowska \<joanna at invisiblethingslab dot com\>`
			`- Marek Marczykowski \<marmarek at invisiblethingslab dot com\>`