Standard disclosure policy for open-source contracts

This disclosure policy defines the rules by which the Security Department will publish the results of its work during audits of open-source smart contracts.

If no errors are found in the contract, the head of the Security Department may notify the customer about the completion of the audit and publish the report immediately after the completion of the audit.

If there is not enough information provided to contact the developer of the contract or the requester of the security audit, then the head of the Security Department should publish the report immediately after the audit is completed without notifying any parties about the completion of the audit.

If errors of medium, high or critical severity were found in the contract, then the head of the Security Department must contact the developer of the smart contract and report any errors found during the audit. The head of the Security Department must not publish the results within 15 days after completing the audit and finding the errors.

If the contract contains errors of medium, high or critical severity, but there is not enough information provided for the head of the Security Department to contact the developer of the smart contract, then the Callisto Network announces the completion of the audit using its media resources to attract the attention of the contract developers within 15 days of the completion of the audit.

After 15 days from the date of the completion of the audit, the head of the Security Department must publish the results regardless of the severity of the findings and the reaction of the developers of the smart contract.