Security Policy

Guidelines for responsible security research and vulnerability disclosure.

Our Commitment

At Setto, security is our top priority. We are committed to protecting our users, partners, and the broader blockchain ecosystem. We continuously work to identify and address potential vulnerabilities in our infrastructure.

Reporting a Vulnerability

If you believe you have discovered a security vulnerability in Setto's services, please report it to us immediately. We appreciate your help in keeping our platform secure.

Disclosure Guidelines

  • Provide detailed reports with reproducible steps
  • Allow reasonable time for us to address the issue before public disclosure
  • Do not access or modify other users' data without permission
  • Do not perform actions that could harm the service or its users
  • Do not use automated scanning tools without prior authorization

Scope

  • Setto API and SDK vulnerabilities
  • Smart contract security issues
  • Authentication and authorization flaws
  • Data exposure risks
  • Transaction handling vulnerabilities

Out of Scope

  • Social engineering attacks
  • Physical security concerns
  • Denial of service attacks
  • Issues in third-party services
  • Previously reported vulnerabilities

Response Timeline

We aim to acknowledge receipt of vulnerability reports within 24 hours. Our security team will investigate and provide updates on the remediation timeline. Critical vulnerabilities are prioritized and addressed as quickly as possible.

Safe Harbor

We consider security research conducted in accordance with this policy to be authorized and will not pursue legal action against researchers who act in good faith. We ask that you comply with applicable laws and these guidelines when conducting security research.