Please email security@colofon.tech with a technical description, the affected component, steps to reproduce, and — if you have one — a proof-of-concept. Do not open a public GitHub issue for vulnerabilities; the trackers on colofonhq/* are for functional work, not undisclosed security findings.

If the finding is sensitive enough to warrant encryption, reply to our acknowledgement with a request for a PGP key. (We don’t publish one yet because inbound volume has been negligible; we’ll switch to a published key if that changes.)

• Acknowledge your report within 3 business days.
• Provide an initial triage assessment — in-scope or not, our preliminary severity — within 10 business days.
• Keep you informed as we investigate, validate, and remediate.
• Credit you in the release notes for the fix, unless you ask us not to.
• Not pursue legal action against researchers operating in good faith within the scope below.

Anything under github.com/colofonhq and any Colofon-operated service. Specifically, we prioritise findings in:

• The Noir circuits (colofon-circuits) — soundness bugs, missing constraints, public-input schema drift.
• Witness generation and bundle encoding (colofon-sdk) — anything that would let a vendor produce a bundle whose claims do not actually hold.
• The verifier (colofon-verifier) — anything that would let an invalid bundle verify, or a valid bundle fail to verify.
• The hosted prover (colofon-prover, currently at colofon-prover.fly.dev) — witness leakage, cross-tenant contamination, auth bypass. Witness confidentiality is the single most important guarantee this service makes; any plausible path to leaking witness content is high-severity by default.
• The agent (colofon-agent) — secret exfiltration, supply-chain injection points into consumer workflows.

• Denial-of-service or volumetric testing against any live service.
• Social-engineering, phishing, or physical attacks on Apertrue or its employees.
• Findings that require physical access to a victim’s machine, a malicious browser extension installed by the victim, or otherwise-compromised-endpoint assumptions.
• Known upstream issues in pinned dependencies that we don’t have an available mitigation for; please report those upstream (Aztec, Noir, Sigstore, etc.) and let us know so we can track.
• Missing security headers or TLS-configuration nitpicks on pre-launch preview domains — production domains only.

If you make a good-faith effort to comply with this policy, we will treat your research as authorised. We won’t pursue civil or criminal action, won’t involve law enforcement, and won’t ask your employer or ISP to intervene — provided you act within scope, avoid disrupting other users, and give us a reasonable window to remediate before public disclosure.

Reasonable is typically 90 days. If a fix is taking longer for good reason, we’ll tell you.

• We don’t currently run a paid bug bounty. Acknowledgement, credit, and a prompt fix are what we can offer.
• We don’t have an independent cryptographic audit yet. One is in progress; the whitepaper is the current reference.