authorityrail.com / trust / security-contact
// Trust Center

Security Contact & CVD Policy

How to responsibly report a security vulnerability in AuthorityRail's execution authority infrastructure. Safe-harbor language for good-faith researchers. 90-day disclosure window doctrine.

Last revised: 2026-05-17 · Version v1.0

Primary security contact
Email
PGP key
/pgp-key.txt (founder-generation pending; encrypted transit via TLS + Signal exchange in the interim)
Response SLA
Within 24 hours, business days; 48 hours weekends
Acknowledgement
Within 5 business days
Triage decision
Within 10 business days
Researcher hall of fame
authorityrail.com/trust/researcher-hall-of-fame (populated upon first acknowledged report)

Coordinated Vulnerability Disclosure (CVD) policy

AuthorityRail subscribes to the AuthorityRail Standards Foundation Coordinated Vulnerability Disclosure doctrine:

What to report

What is out of scope

Safe harbor

AuthorityRail will not pursue legal action against good-faith security researchers who:

If you believe your research is at risk of crossing these lines, contact [email protected] first to coordinate.

What to include in the report

What we will not do

Related documents

This CVD policy is published under the AuthorityRail Standards Foundation doctrine. Researchers reporting vulnerabilities in any AuthorityRail Standards Foundation-published standard (ARES-v1, WARS-v1, etc.) should use the same security contact; the Foundation is the disclosure coordinator for standards-level findings.