Coordinated Vulnerability Disclosure Policy
Introduction
Beamable.Network is committed to safeguarding the security and privacy of our systems, applications, and users. We value the contributions of security researchers and welcome the responsible disclosure of vulnerabilities. If you believe you've found a security issue in our systems, we encourage you to report it to us in a way that respects user safety and system integrity.
Scope
This policy applies to all public-facing services and infrastructure managed by Beamable.Network, including but not limited to:
Beamable.network domains and subdomains
APIs, validators, routers, and workload nodes
Smart contracts deployed by Beamable.Network
Systems explicitly marked as “out of scope” or owned by third parties are excluded.
Safe Harbor
We are committed to providing legal protection for good-faith security research:
We will not pursue legal action if you act in accordance with this policy.
We will consider your testing authorized and will not report it to law enforcement if it’s confined to in-scope systems and avoids data exfiltration or service disruption.
This protection extends to any accidental violations, provided there is no malicious intent.
How to Report
Please send all vulnerability reports to [email protected].
If your report includes sensitive information, we encourage the use of our PGP key to encrypt communications.
What to Include in Your Report
To help us triage and resolve issues efficiently, your report should include:
A clear and detailed description of the vulnerability
Steps to reproduce the issue
Potential security impact
Any relevant screenshots, logs, or proof-of-concept code
Your contact information (optional if you wish to remain anonymous)
What to Expect
We will acknowledge receipt of your report within three (3) business days.
Our security team will investigate the issue and keep you informed of progress.
We aim to resolve valid security issues within 90 days of verification, with regular updates during the process.
Response Timeline
Acknowledgment: Within three (3) business days
Initial Triage: Within seven (7) business days
Fix or Mitigation: Within 90 days, depending on complexity
Out of Scope
While we appreciate all security research, the following are out of scope:
Social engineering (e.g., phishing, impersonation)
Denial of Service (DoS) attacks
Physical security attacks
Attacks against third-party services not owned by Beamable.Network
Automated vulnerability scanners without prior consent
Rewards
Beamable.Network does not currently operate a formal bug bounty program. However, for high-impact, well-documented reports, we may offer:
Public acknowledgment on our website or GitHub
Swag or discretionary rewards
Invitations to private security testing opportunities
Payment, at our discretion
Legal Notice
By submitting a vulnerability report, you agree to:
Not publicly disclose the vulnerability until we give explicit permission
Not access or modify data belonging to others
Act in good faith and within the scope of this policy
Last updated