Vulnerability Disclosure Policy
Responsible Security Research
We value the work of security researchers. If you've found a vulnerability, we want to hear about it.
Scope
What's covered by our vulnerability disclosure program.
In Scope
- sentinelseed.dev web application
- @sentinelseed/core npm package
- sentinelseed PyPI package
- Sentinel API endpoints
- $SENTINEL smart contracts
Out of Scope
- Social engineering attacks
- Denial of service (DoS/DDoS)
- Physical access attacks
- Third-party services and dependencies
- Spam or phishing campaigns
Reporting Process
From initial report to coordinated disclosure — here's how we handle security issues.
- Report: Email team@sentinelseed.dev
- Acknowledgment: Within 48 hours
- Assessment & Triage: CVSS classification
- Fix Development: 90-day disclosure window
- Coordinated Disclosure: Public advisory
- Credit: Advisory + acknowledgment
Safe Harbor
We won't take legal action against security researchers who follow these guidelines.
- Act in good faith and avoid privacy violations, data destruction, or service interruption
- Only interact with accounts you own or have explicit permission to test
- Report vulnerabilities promptly and provide sufficient detail to reproduce
- Do not disclose vulnerability details publicly until the fix has been released
Note: This safe harbor applies only to legal claims under our control. It does not bind third parties or provide immunity from laws that apply regardless of our policies.
Severity Classification
We use CVSS v3.1 to classify vulnerability severity.
| Severity | CVSS Score | Response Time |
|---|---|---|
| Critical | 9.0–10.0 | 24–48 hours |
| High | 7.0–8.9 | 3–5 days |
| Medium | 4.0–6.9 | 1–2 weeks |
| Low | 0.1–3.9 | 2–4 weeks |
Security Advisories
No advisories published yet.
Published advisories will appear here.
Report a Vulnerability
Found something? Let us know and help make AI agents safer for everyone.