Responsible disclosure policy.
AttestSeal issues signed trust checks that downstream agents act on. Security of the signing path, the API, and the dataset matters to us. We take every report seriously and we are explicit about what we promise back.
How to report
Email [email protected]. PGP not required but welcomed; key fingerprint available on request.
Include enough detail to reproduce: affected endpoint or surface, request payload, expected vs actual response, and any chain-of-impact reasoning. Screenshots and recorded transcripts help.
What we commit
- Acknowledgement within 2 business days. A human reads it and confirms receipt with a tracking ID.
- First-pass triage within 7 days. We will tell you whether the issue is in scope, our severity rating, and our planned timeline.
- Fix targets by severity: critical within 7 days, high within 30 days, medium within 90 days, low best effort. We notify you when the fix ships.
- Public credit, if you want it. We publish a thank-you with each fixed report unless you ask to remain anonymous.
Scope
In scope: attestseal.com, api.attestseal.com, demo.attestseal.com, the AttestSeal SDKs, the published x402 extension, the signing keys and DID document, the dataset publication pipeline.
Out of scope: third-party reputation feeds we ingest (Tranco, Spamhaus, SURBL, URLhaus, Google Safe Browsing); report those upstream. The status page (Upptime/GitHub Pages) runs on GitHub infrastructure and is not in scope. Cloudflare-managed surfaces fall under Cloudflare's own vulnerability program.
Safe harbor
We will not pursue legal action for good-faith research that respects user privacy and stays within the in-scope list. Do not exfiltrate data beyond what is needed to demonstrate the issue. Do not pivot from one finding to attack other systems. Do not perform denial-of-service testing without prior written authorization.
What we sign and why it matters
Every check response is canonicalized and signed with Ed25519 under did:web:attestseal.com. The signed payload includes the score, recommendation, confidence, cautionReason, and scoringModel. A successful attack on the signing key is the highest-impact bug we are aware of in our threat model.
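A downstream verifier for the signed check described above, written here as an added example (not AttestSeal's own code or SDK). It assumes the JSON field names, a sorted-key compact-JSON canonicalization (the page does not name its scheme), and a constructed throwaway key pair in place of the key published under did:web:attestseal.com.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// CheckResponse carries the five signed fields; JSON names are assumed.
type CheckResponse struct {
	Score          float64 `json:"score"`
	Recommendation string  `json:"recommendation"`
	Confidence     float64 `json:"confidence"`
	CautionReason  string  `json:"cautionReason"`
	ScoringModel   string  `json:"scoringModel"`
}

// Canonicalize returns the exact bytes that get signed and verified.
// ASSUMPTION: the policy does not name its scheme; this example uses compact
// JSON with sorted keys, which encoding/json guarantees for a map.
func Canonicalize(r CheckResponse) ([]byte, error) {
	raw, err := json.Marshal(r)
	if err != nil {
		return nil, err
	}
	var m map[string]interface{}
	if err := json.Unmarshal(raw, &m); err != nil {
		return nil, err
	}
	return json.Marshal(m)
}

// Verify is the downstream-agent side: resolve the issuer's public key from
// its DID document, then refuse to act unless the signature covers these bytes.
func Verify(pub ed25519.PublicKey, r CheckResponse, sig []byte) bool {
	msg, err := Canonicalize(r)
	return err == nil && ed25519.Verify(pub, msg, sig)
}

func main() {
	// Constructed throwaway key pair, not AttestSeal's real did:web key.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	resp := CheckResponse{Score: 0.87, Recommendation: "allow", Confidence: 0.91, ScoringModel: "v1"}
	msg, _ := Canonicalize(resp)
	sig := ed25519.Sign(priv, msg) // issuer side
	fmt.Println("genuine verifies:", Verify(pub, resp, sig))
	resp.Recommendation = "deny" // one signed field altered in transit
	fmt.Println("tampered verifies:", Verify(pub, resp, sig))
}
```

Because canonicalization reorders the fields, an agent that verifies against the raw bytes it received instead of the canonical form will reject genuine responses; both sides must agree on the scheme.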
Past advisories
None disclosed yet. This page is the canonical place we will publish them.