(Note: the contents of this post refer exclusively to the security disclosure made public in Aug.-Sep., 2017. At the time of this writing, there are no known issues with the current protocol.)

If you have been following IOTA related news, you are probably aware of an ongoing topic of discussion — both within the IOTA community and the wider DLT community at large. Back in January, the IOTA Foundation released a four-part blog post detailing the technical considerations of a vulnerability report published on GitHub in September 2017 by the Digital Currency Initiative (DCI), an organization affiliated with MIT.

Unfortunately, and much to everyone’s surprise, the communications between the IOTA team and DCI that occured prior to this report were recently leaked, and published on an external blog. We at the IOTA Foundation unequivocally condemn this leak. These were private communications between parties who did not consent to such release — the release of these emails without consent is detrimental to the IOTA Foundation, to our community, to our friends at the DCI with whom we maintain ongoing conversation (heated at times, to be sure, but such is the nature of a vibrant academic discussion) and to the entire DLT space.