2017-03-18 22:31:12 -04:00
---
2021-03-13 13:06:18 -05:00
lang: en
2019-05-26 21:04:23 -04:00
layout: doc
2021-06-16 22:56:25 -04:00
permalink: /security/
2021-03-13 12:03:23 -05:00
redirect_from:
2017-03-18 22:31:12 -04:00
- /en/security/
- /en/doc/security/
- /en/doc/qubes-security/
- /doc/QubesSecurity/
- /wiki/QubesSecurity/
- /en/doc/security-page/
- /doc/SecurityPage/
- /wiki/SecurityPage/
- /trac/wiki/SecurityPage/
2021-03-13 13:06:18 -05:00
ref: 217
2021-06-17 07:23:57 -04:00
title: Qubes OS Project Security Center
2017-03-18 22:31:12 -04:00
---
2021-06-15 01:07:36 -04:00
This page provides a central hub for topics pertaining to the security of the Qubes OS Project.
For topics pertaining to software security *within* Qubes OS, see [Security in Qubes ](/doc/#security-in-qubes ).
The following is a list of important project security pages:
- [Qubes Security Pack (`qubes-secpack`) ](/security/pack/ )
- [Qubes Security Bulletins (QSBs) ](/security/bulletins/ )
- [Qubes Canaries ](/security/canaries/ )
2021-04-10 18:09:05 -04:00
- [Xen Security Advisory (XSA) Tracker ](/security/xsa/ )
2021-06-15 01:07:36 -04:00
- [Verifying signatures ](/security/verifying-signatures/ )
- [PGP keys ](https://keys.qubes-os.org/keys/ )
- [Security FAQ ](/faq/#general--security )
2018-01-31 23:40:01 -05:00
2021-03-13 12:03:23 -05:00
## Reporting Security Issues in Qubes OS
2017-03-18 22:31:12 -04:00
2017-04-17 20:18:46 -04:00
If you believe you have found a security issue affecting Qubes OS, either directly or indirectly (e.g. the issue affects Xen in a configuration that is used in Qubes OS), then we would be more than happy to hear from you!
2021-04-10 18:09:05 -04:00
We promise to treat any reported issue seriously and, if the investigation confirms that it affects Qubes, to patch it within a reasonable time and release a public [Qubes Security Bulletin ](/security/bulletins/ ) that describes the issue, discusses the potential impact of the vulnerability, references applicable patches or workarounds, and credits the discoverer.
2017-03-18 22:31:12 -04:00
2021-03-13 12:03:23 -05:00
## Security Updates
2019-08-26 20:39:40 -04:00
2021-04-10 18:09:05 -04:00
Qubes security updates are obtained by [Updating Qubes OS ](/doc/updating-qubes-os/ ).
2017-03-18 22:31:12 -04:00
2021-03-13 12:03:23 -05:00
## The Qubes Security Team
2017-03-18 22:31:12 -04:00
2021-04-10 18:09:05 -04:00
The Qubes Security Team (QST) is the subset of the [Qubes Team ](/team/ ) that is responsible for ensuring the security of Qubes OS and the Qubes OS Project.
2018-11-05 21:21:43 -05:00
In particular, the QST is responsible for:
2021-04-10 18:09:05 -04:00
- Responding to [reported security issues ](#reporting-security-issues-in-qubes-os )
- Evaluating whether [XSAs ](/security/xsa/ ) affect the security of Qubes OS
2021-03-13 12:03:23 -05:00
- Writing, applying, and/or distributing security patches to fix vulnerabilities in Qubes OS
2021-04-10 18:09:05 -04:00
- Writing, signing, and publishing [Security Bulletins ](/security/bulletins/ )
- Writing, signing, and publishing [Canaries ](/security/canaries/ )
- Generating, safeguarding, and using the project's [PGP Keys ](https://keys.qubes-os.org/keys/ )
2018-11-05 21:21:43 -05:00
As a security-oriented operating system, the QST is fundamentally important to Qubes, and every Qubes user implicitly trusts the members of the QST by virtue of the actions listed above.
2018-01-31 23:40:01 -05:00
The Qubes Security Team can be contacted via email at the following address:
2021-03-13 12:03:23 -05:00
```
security at qubes-os dot org
```
2017-03-18 22:31:12 -04:00
2021-03-13 12:03:23 -05:00
### Security Team PGP Key
2017-03-18 22:31:12 -04:00
2021-04-10 18:09:05 -04:00
Please use the [Security Team PGP Key ](https://keys.qubes-os.org/keys/qubes-os-security-team-key.asc ) to encrypt all emails sent to this address.
This key is signed by the [Qubes Master Signing Key ](https://keys.qubes-os.org/keys/qubes-master-signing-key.asc ).
Please see [Why and How to Verify Signatures ](/security/verifying-signatures/ ) for information about how to verify these keys.
2017-03-18 22:31:12 -04:00
2021-03-13 12:03:23 -05:00
### Members of the Security Team
2017-03-18 22:31:12 -04:00
2021-04-10 18:09:05 -04:00
- [Marek Marczykowski-Górecki ](/team/#marek-marczykowski-górecki )
- [Simon Gaiser (aka HW42) ](/team/#simon-gaiser-aka-hw42 )
- [Joanna Rutkowska ](/team/#joanna-rutkowska ) ([emeritus, canaries only](/news/2018/11/05/qubes-security-team-update/))