Update responsible_disclosure.md

Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-01-26 15:10:33 -08:00 · 2021-01-26 15:10:33 -08:00 · 1bc2a416a1
parent cd625d995b
commit 1bc2a416a1
1 changed files with 1 additions and 1 deletions
--- a/responsible_disclosure.md
+++ b/responsible_disclosure.md
@ -56,7 +56,7 @@ Specifically, we have agreed to engage in responsible disclosures for security i

 ## Deviations from the Standard

-Zcash is a technology that provides strong privacy. Notes are encrypted to their destination, and then the monetary base is kept via zero-knowledge proofs intended to only be creatable by the real holder of Zcash. If this fails, and a counterfeiting bug results, that counterfeiting bug might be exploited without any way for blockchain analyzers to identify the perpetrator or which data in the blockchain has been used to exploit the bug. Rollbacks before that point, such as have been executed in some other projects in such cases, are therefore impossible.
+Zcash is a technology that provides strong privacy. Notes are encrypted to their destination, and then the monetary base is kept via zero-knowledge proofs intended to only be creatable by the real holder of Zcash. If this fails, and a counterfeiting bug results, that counterfeiting bug might be exploited without any way for blockchain analyzers to identify the perpetrator or which data in the blockchain has been used to exploit the bug. Rollbacks to before that point, such as have been executed in some other projects in such cases, are therefore impossible.

 The standard describes reporters of vulnerabilities including full details of an issue, in order to reproduce it. This is necessary for instance in the case of an external researcher both demonstrating and proving that there really is a security issue, and that security issue really has the impact that they say it has - allowing the development team to accurately prioritize and resolve the issue.