Update Security.md to reflect Zebra node as an alternate implementation
nighthawk24 opened this issue · comments
It is important to recognize the role of Zebra node implementation and its use in block miner workflows. The following statement assumes zcashd is the only mining node and that security vulnerability fixes may not be shared with partners ahead of coordinated releases.
"In the case of a counterfeiting bug, however, just like in CVE-2019-7167, we might decide not to include those details with our reports to partners ahead of coordinated release, so long as we are sure that they are vulnerable."
https://github.com/zcash/zcash/blob/master/SECURITY.md
Describe the solution you'd like
Come up with a plan to coordinate security fixes and deployments with partners with nodes present in the mining operations, exchanges, and end-user applications alike.
Additional context
This issue was identified during the discussions around updating ZIP 0 process updates by @daira