qubes-doc/project-security/security.md
Andrew David Wong 6d81f95cc2
Update and reorganize documentation
- Convert "Common Tasks" to "How-to Guides"
  (QubesOS/qubes-issues#6694)
- Make title capitalization consistent across docs
- Fix leftover h1 headings
- Reorganize various pages and topics
- Update permalinks to better match titles
- Create redirects for changed permalinks
- Miscellaneous cleanup

QubesOS/qubes-issues#6701
2021-06-17 05:16:22 -07:00

3.3 KiB

lang layout permalink redirect_from ref title
en doc /security/
/en/security/
/en/doc/security/
/en/doc/qubes-security/
/doc/QubesSecurity/
/wiki/QubesSecurity/
/en/doc/security-page/
/doc/SecurityPage/
/wiki/SecurityPage/
/trac/wiki/SecurityPage/
217 Qubes OS Project Security Center

This page provides a central hub for topics pertaining to the security of the Qubes OS Project. For topics pertaining to software security within Qubes OS, see Security in Qubes. The following is a list of important project security pages:

Reporting Security Issues in Qubes OS

If you believe you have found a security issue affecting Qubes OS, either directly or indirectly (e.g. the issue affects Xen in a configuration that is used in Qubes OS), then we would be more than happy to hear from you! We promise to treat any reported issue seriously and, if the investigation confirms that it affects Qubes, to patch it within a reasonable time and release a public Qubes Security Bulletin that describes the issue, discusses the potential impact of the vulnerability, references applicable patches or workarounds, and credits the discoverer.

Security Updates

Qubes security updates are obtained by Updating Qubes OS.

The Qubes Security Team

The Qubes Security Team (QST) is the subset of the Qubes Team that is responsible for ensuring the security of Qubes OS and the Qubes OS Project. In particular, the QST is responsible for:

  • Responding to reported security issues
  • Evaluating whether XSAs affect the security of Qubes OS
  • Writing, applying, and/or distributing security patches to fix vulnerabilities in Qubes OS
  • Writing, signing, and publishing Security Bulletins
  • Writing, signing, and publishing Canaries
  • Generating, safeguarding, and using the project's PGP Keys

As a security-oriented operating system, the QST is fundamentally important to Qubes, and every Qubes user implicitly trusts the members of the QST by virtue of the actions listed above. The Qubes Security Team can be contacted via email at the following address:

security at qubes-os dot org

Security Team PGP Key

Please use the Security Team PGP Key to encrypt all emails sent to this address. This key is signed by the Qubes Master Signing Key. Please see Why and How to Verify Signatures for information about how to verify these keys.

Members of the Security Team