Security · VDP

Vulnerability Disclosure Policy

Draft, pending counsel. This page is being finalized with our legal team and is not yet the binding version. For questions about data handling in the meantime, reach us via the contact page.

This policy explains how to report a security vulnerability in the Nodes website or platform, what is in scope, and the good-faith safe-harbor we extend to researchers who follow it.

Sections in preparation

  • Scope: in-scope and out-of-scope systems.
  • How to report a vulnerability and what to include.
  • Safe harbor for good-faith research.
  • Our response and remediation targets, by CVSS severity.
  • Coordinated disclosure timeline.
  • Contact for security reports.
Vulnerability Disclosure Policy · Nodes