Use these resources to understand dstack's trust model, production requirements, audit history, and public security report status.
- Security Model - threat model, trust boundaries, and verifier checklist
- Security Best Practices - production hardening for KMS, gateway, and VMM deployments
- Security Audit - zkSecurity audit report
- Public Security Reports - status of already-public reports and findings
- CVM Boundaries - data exchanged across the CVM, host, KMS, and gateway
Do not disclose exploitable vulnerabilities in public GitHub issues. Use the private reporting path in SECURITY.md. If GitHub private reporting is unavailable, contact security@phala.network.