Security & trust
Responsible disclosure and institutional trust anchors
DBIS publishes security reporting channels, disclosure expectations, and cryptographic trust materials for member institutions, researchers, and counterparties.
Disclosure workflow
- 1. Report a vulnerability or trust issue through the protected reporting workflow or the designated security mailbox.
- 2. Include affected system, impact, reproduction notes, and whether member or public infrastructure is involved.
- 3. DBIS acknowledges critical submissions on a same-business-day basis and coordinates remediation windows with impacted operators.
- 4. Public advisories are published after containment, validation, and institutional approval.
Preferred route
Use /report when acting under an authenticated institutional role. Public disclosures may be routed through the designated security mailbox where authenticated access is unavailable.
Trust anchors
- Machine-readable trust metadata/.well-known/trust.json— endpoints, contract addresses, entity registrations
- Governance body definitions/governance.json— councils, officers, accountability
- Policy specifications/policy.json— settlement tokens, gold tokens, contract addresses
- Key continuity statementsPublication of signing-key rotations, compromise notices, and trust deprecations.
On-chain verification
All settlement contracts are deployed on Chain 138 and verifiable via the public block explorer at explorer.d-bis.org. Canonical contract addresses are listed on the Infrastructure page and the GRU technical model.
Security contact posture
Public contact points are intentionally limited to controlled reporting channels. Dedicated addresses, signed acknowledgements, and escalation ladders are published through the institutional trust package.