qubes-doc/SecurityPage.md

---
layout: doc
title: SecurityPage
permalink: /doc/SecurityPage/
redirect_from: /wiki/SecurityPage/
---

Reporting Security Issues in Qubes OS
=====================================

If you believe you have found a security issue affecting Qubes OS, either directly or indirectly (e.g. the issue affects Xen in a configuration that is used in Qubes OS), then we would be more than happy to hear from you!

We promise to treat any reported issue seriously and, if the investigation confirms it affects Qubes, to patch it within a reasonable time, and also to release a public Security Bulletin that describes the issue, discusses potential impact of the vulnerability, references applicable patches or workarounds, and also credits the discoverer.

The list of all Qubes Security Advisories published so far can be found [here](/doc/SecurityBulletins/).

Qubes Security Team
-------------------

The Qubes Security Team can be contacted via email using the following address:

{% highlight trac-wiki %}
security at qubes-os dot org
{% endhighlight %}

Qubes Security Team GPG Key
---------------------------

Please use the [this GPG key](http://keys.qubes-os.org/keys/qubes-os-security-team-key.asc) for encrypting any emails send to this address. Like all the GPG keys used by the Qubes project, this key is signed with the Qubes Master key. Please see [this page](/doc/VerifyingSignatures/) for more information on how to verify the keys.

Members of the Security Team
----------------------------

-   Joanna Rutkowska \<joanna at invisiblethingslab dot com\>
-   Marek Marczykowski \<marmarek at invisiblethingslab dot com\>
SecurityPage changed Initial version 2012-11-15 23:46:26 +00:00			`---`
wiki -> doc migration 2015-04-10 20:17:45 +00:00			`layout: doc`
SecurityPage changed Initial version 2012-11-15 23:46:26 +00:00			`title: SecurityPage`
wiki -> doc migration 2015-04-10 20:17:45 +00:00			`permalink: /doc/SecurityPage/`
			`redirect_from: /wiki/SecurityPage/`
SecurityPage changed Initial version 2012-11-15 23:46:26 +00:00			`---`

			`Reporting Security Issues in Qubes OS`
			`=====================================`

			`If you believe you have found a security issue affecting Qubes OS, either directly or indirectly (e.g. the issue affects Xen in a configuration that is used in Qubes OS), then we would be more than happy to hear from you!`

			`We promise to treat any reported issue seriously and, if the investigation confirms it affects Qubes, to patch it within a reasonable time, and also to release a public Security Bulletin that describes the issue, discusses potential impact of the vulnerability, references applicable patches or workarounds, and also credits the discoverer.`

Fix /wiki/ -> /doc/, add slash at the end Addresses without a slash are redirected to a version with slash, but with forced protocol http instead of https. 2015-05-08 15:42:43 +00:00			`The list of all Qubes Security Advisories published so far can be found [here](/doc/SecurityBulletins/).`
SecurityPage changed Initial version 2012-11-15 23:46:26 +00:00
			`Qubes Security Team`
			`-------------------`

			`The Qubes Security Team can be contacted via email using the following address:`

wiki -> doc migration 2015-04-10 20:17:45 +00:00			`{% highlight trac-wiki %}`
SecurityPage changed Initial version 2012-11-15 23:46:26 +00:00			`security at qubes-os dot org`
wiki -> doc migration 2015-04-10 20:17:45 +00:00			`{% endhighlight %}`
SecurityPage changed Initial version 2012-11-15 23:46:26 +00:00
			`Qubes Security Team GPG Key`
			`---------------------------`

Fix /wiki/ -> /doc/, add slash at the end Addresses without a slash are redirected to a version with slash, but with forced protocol http instead of https. 2015-05-08 15:42:43 +00:00			`Please use the [this GPG key](http://keys.qubes-os.org/keys/qubes-os-security-team-key.asc) for encrypting any emails send to this address. Like all the GPG keys used by the Qubes project, this key is signed with the Qubes Master key. Please see [this page](/doc/VerifyingSignatures/) for more information on how to verify the keys.`
SecurityPage changed Initial version 2012-11-15 23:46:26 +00:00
SecurityPage changed spelling 2013-05-07 08:14:12 +00:00			`Members of the Security Team`
			`----------------------------`
SecurityPage changed Initial version 2012-11-15 23:46:26 +00:00
			`- Joanna Rutkowska \<joanna at invisiblethingslab dot com\>`
			`- Marek Marczykowski \<marmarek at invisiblethingslab dot com\>`