Security & trust

Responsible disclosure and institutional trust anchors

DBIS publishes security reporting channels, disclosure expectations, and cryptographic trust materials for member institutions, researchers, and counterparties.

Disclosure workflow

1. Report a vulnerability or trust issue through the protected reporting workflow or the designated security mailbox.
2. Include affected system, impact, reproduction notes, and whether member or public infrastructure is involved.
3. DBIS acknowledges critical submissions on a same-business-day basis and coordinates remediation windows with impacted operators.
4. Public advisories are published after containment, validation, and institutional approval.

Preferred route

Authenticated members: use /report after Keycloak sign-in. Public disclosures: security@d-bis.org. Whistleblower matters: whistle@d-bis.org or the whistleblower intake page.

Trust anchors

Machine-readable trust metadata/.well-known/trust.json— endpoints, contract addresses, entity registrations
Governance body definitions/governance.json— councils, officers, accountability
Policy specifications/policy.json— settlement tokens, gold tokens, contract addresses
Key continuity statementsPublication of signing-key rotations, compromise notices, and trust deprecations.

On-chain verification

All settlement contracts are deployed on Chain 138 and verifiable via the public block explorer at explorer.d-bis.org. Canonical contract addresses are listed on the Infrastructure page and the GRU technical model.

Security contact posture

Initial public contact points are intentionally limited while institutional processes are hardened. Dedicated addresses, signed acknowledgements, and escalation ladders will be published here once the trust package is finalized.