Responsible Disclosure Policy
Digital Asset takes security very seriously for our customers, our products and our staff. If you are a Security Researcher and have discovered a vulnerability in our web site or products, we appreciate your help in disclosing this to us in a responsible manner.
Digital Asset will engage with security researchers when vulnerabilities are reported to us in accordance with this Responsible Disclosure Policy. We will validate, respond to and fix vulnerabilities in accordance with our commitment to security and privacy. We won’t take legal action against those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy. Digital Asset reserves all of its legal rights in the event of any noncompliance.
Responsible Disclosure helps increase security for affected organizations and the community as a whole. Please follow the guidelines below:
- Don’t disclose a bug or vulnerability on public notice boards, mailing lists or other public forums, prior to Responsible Disclosure and an appropriate opportunity for it to be fixed.
- Do not utilize an exploit to view data without authorization, or to compromise confidentiality or availability.
- Do not perform an attack that would impact the reliability / availability of services. DDoS/Spam attacks are not allowed.
- Don’t use scanners or automated tools to find vulnerabilities. They can have unintended consequences or impact.
- Never attempt non-technical attacks, such as social engineering, phishing or physical attacks against our employees or infrastructure.
- Do not ask for compensation from an affected firm or through any “marketplace” for vulnerabilities.
How to Report an Issue
If you believe you have discovered a vulnerability in our software, please contact firstname.lastname@example.org. Please do not publicly disclose suspected vulnerabilities without prior consent from Digital Asset.
In reporting vulnerabilities, please send details of:
- Suspected vulnerability.
- Steps to enable us to reproduce the issue.
- Your email address and a secure mechanism to contact you.
- Your name (and/or colleagues) if you would like to be recognized on this page, e.g., your Twitter handle or website as it should be displayed.
You can use the PGP public key below to encrypt your email communication to us. Please include a secure contact mechanism for us to contact you.
Response and Recognition
We will investigate any details you provide and respond as soon as possible, usually within one business day.
To acknowledge the first person who alerts us to previously unknown vulnerabilities, we will show our gratitude by placing their name in the Acknowledgements list below. We do not offer a bug bounty program and compensation requests will not be considered in compliance with this Responsible Disclosure Policy.
Digital Asset thanks the following individuals and organizations that have identified vulnerabilities in accordance with this Responsible Disclosure Policy:
Jay K Patel (Facebook: jaypatel34)
Sharan Panegav (securelayer7.net)
Vinoth Kumar (Twitter: @vinothpkumar)
Mitesh Patil (https://www.linkedin.com/in/mitesh-patil-26a15b137)
Nikhil Sahoo and Ipsita Subhadarshan Sahoo
Thrivikram Gujarathi (https://www.linkedin.com/in/thrivikram-gujarathi-penetration-tester-53074796)
Ben Longstaff (Twitter: @Ben_Longstaff)
Rafi Ahamed (LinkedIn: https://www.linkedin.com/in/rafi-ahamed-aa7110139/)
Gul Hameed (Twitter: https://twitter.com/GulHame45247021?s=03)
Shivang Trivedi (LinkedIn: https://www.linkedin.com/in/shivang-trivedi-a149b2190/)
-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----