diff options
Diffstat (limited to 'SECURITY.md')
| -rw-r--r-- | SECURITY.md | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/SECURITY.md b/SECURITY.md index fedabad..dca2848 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,7 +2,7 @@ ## Supported Versions -Currently, Veilith is in active development (version 0.9). Security updates are applied to the latest version only. +Currently, Khimera is in active development (version 0.9). Security updates are applied to the latest version only. | Version | Supported | | ------- | ------------------ | @@ -13,7 +13,7 @@ Currently, Veilith is in active development (version 0.9). Security updates are **DO NOT** open public GitHub issues for security vulnerabilities. -If you discover a security vulnerability in Veilith, please report it responsibly: +If you discover a security vulnerability in Khimera, please report it responsibly: ### Preferred Method: Encrypted Email @@ -37,7 +37,7 @@ If you discover a security vulnerability in Veilith, please report it responsibl ## Security Features -Veilith implements multiple layers of defense: +Khimera implements multiple layers of defense: - **End-to-End Encryption**: Noise Protocol (XX pattern) - **Forward Secrecy**: Automatic session key rotation @@ -67,7 +67,7 @@ The following are considered **out of scope** for security reports: Users should: -1. Keep Veilith updated to the latest version +1. Keep Khimera updated to the latest version 2. Verify binary signatures before installation 3. Use portable mode on untrusted systems 4. Enable emergency wipe if at risk @@ -76,7 +76,7 @@ Users should: ## Cryptographic Implementation -Veilith uses well-audited cryptographic libraries: +Khimera uses well-audited cryptographic libraries: - **Noise Protocol**: `flynn/noise` (Go implementation) - **Tor**: Embedded Tor with authenticated bridges @@ -86,7 +86,7 @@ We **never** implement custom cryptography. ## Bug Bounty -Currently, Veilith does not offer a paid bug bounty program. However, we deeply appreciate responsible disclosure and will publicly credit researchers (with permission). +Currently, Khimera does not offer a paid bug bounty program. However, we deeply appreciate responsible disclosure and will publicly credit researchers (with permission). --- |
