qubes-doc/project-security/security.md
2021-08-07 04:46:17 -07:00

3.8 KiB

lang layout permalink redirect_from ref title
en doc /security/
/en/security/
/en/doc/security/
/en/doc/qubes-security/
/doc/QubesSecurity/
/wiki/QubesSecurity/
/en/doc/security-page/
/doc/SecurityPage/
/wiki/SecurityPage/
/trac/wiki/SecurityPage/
217 Qubes OS project security center

This page provides a central hub for topics pertaining to the security of the Qubes OS Project. For topics pertaining to software security within Qubes OS, see Security in Qubes. The following is a list of important project security pages:

Reporting security issues in Qubes OS

Please note: The Qubes security team email address is intended for responsible disclosure by security researchers and others who discover legitimate security vulnerabilities. It is not intended for everyone who suspects they've been hacked. Please do not attempt to contact the Qubes security team unless you can demonstrate an actual security vulnerability or unless the team will be able to take reasonable steps to verify your claims.

If you've discovered a security issue affecting Qubes OS, either directly or indirectly (e.g., the issue affects Xen in a configuration that is used in Qubes OS), then we would be more than happy to hear from you! We promise to take all reported issues seriously. If our investigation confirms that an issue affects Qubes, we will patch it within a reasonable time and release a public Qubes security bulletin (QSB) that describes the issue, discusses the potential impact of the vulnerability, references applicable patches or workarounds, and credits the discoverer. Please use the Qubes security team PGP key to encrypt your email to this address:

security at qubes-os dot org

This key is signed by the Qubes Master Signing Key. Please see verifying signatures for information about how to authenticate these keys.

Security updates

Qubes security updates are obtained by updating Qubes OS.

Qubes security team

The Qubes security team (QST) is the subset of the core team that is responsible for ensuring the security of Qubes OS and the Qubes OS Project. In particular, the QST is responsible for:

As a security-oriented operating system, the QST is fundamentally important to Qubes, and every Qubes user implicitly trusts the members of the QST by virtue of the actions listed above.

Members of the security team