DeltaBlue

Responsible Disclosure

Effective Date: 2025-01-01
Contact: [email protected]
PGP Key: https://delta.blue/.well-known/pgp-key.txt

Responsible Disclosure Policy

Subject of this policy

DeltaBlue is committed to ensuring the safety and privacy of our platform, users, and data. We encourage security researchers, ethical hackers, and members of the public to responsibly report any vulnerabilities discovered within our services.


Scope

This policy applies to the following domains and services:

  • *.delta.blue
  • *.hyperlane.co
  • DeltaBlue Platform APIs
  • Public-facing DeltaBlue applications and infrastructure

Excluded from scope:

  • Social engineering
  • Physical security
  • Denial of Service (DoS) testing
  • Automated vulnerability scans on production systems

Guidelines for Responsible Disclosure

To encourage responsible testing and reporting, we ask that you:

  • Avoid accessing, modifying, or deleting data without explicit authorization.
  • Avoid disrupting services or systems.
  • Refrain from sharing details of the vulnerability publicly until it has been resolved.
  • Use test accounts or your own data when testing vulnerabilities.

Reporting a Vulnerability

Please include the following in your report:

  • Description of the vulnerability
  • Steps to reproduce the issue (PoC scripts or screenshots help)
  • Your contact information for follow-up (anonymous reports are accepted)

Send reports to: [email protected]


What You Can Expect

  • Acknowledgement within 2 business days.
  • Status update within 5 business days.
  • Resolution timeline depends on severity, but we aim for 7 days or less.
  • Recognition in our Hall of Fame (if desired).
  • Legal safe harbor as long as you follow this policy in good faith.
  • Reports lacking sufficient detail or clarity may be disregarded.

Safe Harbor

DeltaBlue will not initiate legal action against researchers who act in good faith, comply with this policy, and avoid causing harm. This includes:

  • Testing within the scope.
  • Reporting vulnerabilities without extortion or abuse.
  • Avoiding data breaches and service disruptions.

Recognition and Reward

While DeltaBlue currently does not operate a paid bug bounty program, responsible disclosures may be eligible for:

  • Public recognition (Wall of Fame)
  • Swag or credits
  • Invitations to early access programs

Contact and PGP