# Security Policy

## Supported Versions

We fix security issues as soon as they are found, and release firmware updates.
Each such release is accompanied by release notes, see <https://github.com/solokeys/solo/releases>.

The latest version can be determined using the file <https://github.com/solokeys/solo/blob/master/STABLE_VERSION>.

To update your key:
- either visit <https://update.solokeys.com>, or
- use our commandline tool <https://github.com/solokeys/solo1-cli>:
```
solo1 key update
```

## Reporting a Vulnerability

To report vulnerabilities you have found:

- preferably contact [@conor1](https://keybase.io/conor1), [@0x0ece](https://keybase.io/0x0ece) or [@nickray](https://keybase.io/nickray) via Keybase, or
- send us e-mail using OpenPGP to [security@solokeys.com](mailto:security@solokeys.com).

<https://keys.openpgp.org/vks/v1/by-fingerprint/BFA3F5387D025E8945CF907FC2F2505A63868DFA>

We do not currently run a paid bug bounty program, but are happy to provide you with a bunch of Solo keys in recognition of your findings.

## Mailing List

Join our release notification mailing list to be informed about each release:

https://sendy.solokeys.com/subscription?f=9MLIqMDmox1Ucz89C892Kq09IqYMM7OB8UrBrkvtTkDI763QF3L5PMYlRhlVNo2AI892mO