This security policy applies to the BLOCO Wallet Manager (bloco.wm) GitHub repository and outlines the process for reporting security issues and handling security incidents. The primary goal of this policy is to ensure the safety and integrity of the bloco.wm codebase and to minimize the impact of security incidents on our users.

bloco.wm is a command-line interface (CLI) tool, and we believe the security risks associated with it are minimal. However, we recognize that vulnerabilities can still arise, and we are committed to addressing them promptly and transparently.

If you discover a security issue in bloco.wm, please follow these steps:

Open a new issue in the bloco.wm GitHub repository, describing the security problem in detail.

If a dependency of bloco.wm is found to be vulnerable or infected and requires immediate updates, please follow these steps:

1. Open a new issue in the bloco.wm GitHub repository, describing the vulnerable dependency and the need for an update.
2. Optional: Contact @0xItalo directly via Twitter or Discord to alert them to the issue.

Upon receiving a security report, the bloco.wm team will:

1. Acknowledge receipt of the report and review the issue.
2. Investigate the issue and determine the severity and impact.
3. Develop and implement a fix or mitigation plan, as necessary.
4. Update the PTerm repository and notify users, if applicable.