Security & trust
Responsible disclosure and institutional trust anchors
DBIS publishes security reporting channels, disclosure expectations, and cryptographic trust materials for member institutions, researchers, and counterparties.
Disclosure workflow
- 1. Report a vulnerability or trust issue through the protected reporting workflow or the designated security mailbox.
- 2. Include affected system, impact, reproduction notes, and whether member or public infrastructure is involved.
- 3. DBIS acknowledges critical submissions on a same-business-day basis and coordinates remediation windows with impacted operators.
- 4. Public advisories are published after containment, validation, and institutional approval.
Preferred route
Use /report when acting under an authenticated institutional role. Public disclosures may be routed through the general security mailbox until the dedicated intake workflow is finalized.
Trust anchors
- Machine-readable trust metadata/.well-known/trust.json— endpoints, contract addresses, entity registrations
- Governance body definitions/governance.json— councils, officers, accountability
- Policy specifications/policy.json— settlement tokens, gold tokens, contract addresses
- Key continuity statementsPublication of signing-key rotations, compromise notices, and trust deprecations.
On-chain verification
All settlement contracts are deployed on Chain 138 and verifiable via the public block explorer at explorer.d-bis.org. Canonical contract addresses are listed on the Infrastructure page and the GRU technical model.
Security contact posture
Initial public contact points are intentionally limited while institutional processes are hardened. Dedicated addresses, signed acknowledgements, and escalation ladders will be published here once the trust package is finalized.
