# Security Policy

## Reporting a Vulnerability

ObsidianDragon is a cryptocurrency wallet that handles private keys and funds. We take security seriously.

**Do NOT report security vulnerabilities through public issues.**

Instead, please report them privately:

- Email: security@dragonx.is
- Or contact the maintainers directly through the DragonX community channels

### What to Include

- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

### Response Timeline

- **Acknowledgement**: Within 48 hours
- **Assessment**: Within 1 week
- **Fix**: As soon as possible, depending on severity

### Scope

The following are in scope:

- Private key exposure or theft
- Wallet passphrase/PIN bypass
- RPC credential leakage
- Remote code execution
- Fund loss or misdirection
- Daemon communication interception

### Recognition

We appreciate responsible disclosure and will credit reporters in release notes (unless anonymity is preferred).

## Supported Versions

| Version | Supported |
|---------|-----------|
| Latest release | Yes |
| Older releases | Best effort |

## Security Best Practices for Users

- Always verify downloads against published checksums
- Use a strong passphrase or PIN to encrypt your wallet
- Keep your system and wallet software up to date
- Back up your wallet regularly