Disclosure channel exists

Wormhole's assessment for RD-F-175 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

- Finding: YES. Multiple channels: 1. Immunefi bug bounty program: https://immunefi.com/bug-bounty/wormhole/ — primary channel per SECURITY.md 2. SECURITY.md present in GitHub: https://github.com/wormhole-foundation/wormhole/blob/main/SECURITY.md 3. Wormhole Responsible Disclosure Policy: https://wormhole.app/security/disclosure 4. Incident response program documented at https://wormhole.com/docs/protocol/security/

Sources #

URL
https://wormhole.app/security/disclosureretrieved 2026-04-28
URL
https://immunefi.com/bug-bounty/wormhole/retrieved 2026-04-28
URL
https://wormhole.com/docs/protocol/security/retrieved 2026-04-28
GitHub
https://github.com/wormhole-foundation/wormhole/blob/main/SECURITY.mdretrieved 2026-04-28

Methodology #

Determine whether the protocol publishes a public security disclosure channel (security@ email, Immunefi program, in-house disclosure page).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol wormhole factor RD-F-175 score gray collected_at 2026-04-28 01:38:43