If you believe you've discovered a security vulnerability in any part of the BLEEP ecosystem, please report it responsibly.

• Email: support@bleepecosystem.com
• Preferred Language: English
• GPG/PGP Key: [Coming Soon]

We strongly discourage disclosing vulnerabilities publicly or via GitHub issues. Please allow us a reasonable time to investigate and address the issue before any public disclosure.

This policy covers:

• BLEEP Core Protocol (/core)
• BLEEP Smart Contracts (/smart-contracts)
• BLEEP SDKs (/sdk)
• BLEEP Virtual Machine (/vm)
• Official documentation (/docs), if it can lead to user security risks

Out-of-scope: third-party projects built on BLEEP or services hosted by third parties.

We aim to:

• Acknowledge your report within 48 hours
• Provide an initial response and assessment within 5 working days
• Roll out a fix or mitigation (where necessary) within 30 days, depending on severity

To qualify as responsible disclosure:

• You do not exploit the vulnerability for any reason (other than testing with permission)
• You do not publicly share details of the vulnerability before we confirm a fix
• You provide us with adequate time and details to resolve the issue

Researchers who follow responsible disclosure may be recognized publicly (optional) and/or included in a future BLEEP Hall of Fame.

We deeply appreciate the work of researchers, developers, and white-hat hackers who help make the BLEEP ecosystem safer and stronger.

Together, we’re building the most secure blockchain platform of the future.

– The BLEEP Core founder.