Coordinated Vulnerability Disclosure Policy

Introduction

Beamable.Network is committed to safeguarding the security and privacy of our systems, applications, and users. We value the contributions of security researchers and welcome the responsible disclosure of vulnerabilities. If you believe you've found a security issue in our systems, we encourage you to report it to us in a way that respects user safety and system integrity.

Scope

This policy applies to all public-facing services and infrastructure managed by Beamable.Network, including but not limited to:

  • Beamable.network domains and subdomains

  • APIs, validators, routers, and workload nodes

  • Smart contracts deployed by Beamable.Network

Systems explicitly marked as “out of scope” or owned by third parties are excluded.

Safe Harbor

We are committed to providing legal protection for good-faith security research:

  • We will not pursue legal action if you act in accordance with this policy.

  • We will consider your testing authorized and will not report it to law enforcement if it’s confined to in-scope systems and avoids data exfiltration or service disruption.

  • This protection extends to any accidental violations, provided there is no malicious intent.

How to Report

Please send all vulnerability reports to [email protected].

If your report includes sensitive information, we encourage the use of our PGP key to encrypt communications.

What to Include in Your Report

To help us triage and resolve issues efficiently, your report should include:

  • A clear and detailed description of the vulnerability

  • Steps to reproduce the issue

  • Potential security impact

  • Any relevant screenshots, logs, or proof-of-concept code

  • Your contact information (optional if you wish to remain anonymous)

What to Expect

  • We will acknowledge receipt of your report within three (3) business days.

  • Our security team will investigate the issue and keep you informed of progress.

  • We aim to resolve valid security issues within 90 days of verification, with regular updates during the process.

Response Timeline

  • Acknowledgment: Within three (3) business days

  • Initial Triage: Within seven (7) business days

  • Fix or Mitigation: Within 90 days, depending on complexity

Out of Scope

While we appreciate all security research, the following are out of scope:

  • Social engineering (e.g., phishing, impersonation)

  • Denial of Service (DoS) attacks

  • Physical security attacks

  • Attacks against third-party services not owned by Beamable.Network

  • Automated vulnerability scanners without prior consent

Rewards

Beamable.Network does not currently operate a formal bug bounty program. However, for high-impact, well-documented reports, we may offer:

  • Public acknowledgment on our website or GitHub

  • Swag or discretionary rewards

  • Invitations to private security testing opportunities

  • Payment, at our discretion

By submitting a vulnerability report, you agree to:

  • Not publicly disclose the vulnerability until we give explicit permission

  • Not access or modify data belonging to others

  • Act in good faith and within the scope of this policy

Last updated