Vulnerability Disclosure

This page covers partners.attestlayer.com only, including partner program pages, reserved-capacity or order pages, partner-specific billing/support pages, and other AttestLayer-controlled content hosted on this domain.

1. How to report

If you believe you have found a security vulnerability, email security@attestlayer.com with:

• The affected URL or feature on partners.attestlayer.com.
• Clear reproduction steps.
• Your assessment of impact or severity.
• Screenshots, logs, or a proof of concept if they help validate the issue safely.

2. Response targets

Please do not publicly disclose until we have had a chance to investigate and remediate. We will acknowledge receipt within 3 business days and provide status updates as appropriate.

3. Rules of engagement

• Keep testing non-destructive and narrowly scoped to partners.attestlayer.com.
• Do not exfiltrate partner or downstream customer data.
• Do not degrade availability or run denial-of-service testing.
• Stop once you have enough evidence to demonstrate the issue safely.

4. Out of scope

• Partner-managed environments, customer systems, and third-party processors not operated by AttestLayer.
• Social engineering, physical security claims, spam, or reports that require public disclosure before a reasonable remediation window.
• Issues affecting other AttestLayer domains that have their own disclosure page.

This page does not promise a bug bounty. Helpful reports may still be acknowledged or discussed directly with the reporter.