Security Policy
Responsible disclosure and vulnerability reporting
Our Commitment to Security
At Lattice.one, we take the security of our systems and user data seriously. We appreciate the security research community's efforts in helping us maintain the security and privacy of our users.
Reporting a Vulnerability
If you believe you've found a security vulnerability in our services, please report it to us through one of the following channels:
- Email: security@lattice.one
- Contact Form: lattice.one/contact
What to Include
To help us understand and address the issue as quickly as possible, please include:
- Detailed description of the vulnerability
- Steps to reproduce the issue
- Potential impact and severity assessment
- Any proof-of-concept code (if applicable)
- Suggested remediation (if available)
- Your contact information for follow-up
Our Response Process
When you report a vulnerability to us:
- Initial Response: We will acknowledge receipt within 48 hours
- Assessment: Our security team will assess and validate the report
- Updates: We will keep you informed of our progress
- Resolution: We will work to remediate the issue promptly
- Disclosure: We will coordinate disclosure timing with you
Responsible Disclosure Guidelines
We ask that security researchers:
- Provide us with reasonable time to address the issue before public disclosure
- Make a good faith effort to avoid privacy violations, data destruction, and service interruption
- Do not exploit the vulnerability beyond what is necessary to demonstrate it
- Do not access, modify, or delete data belonging to others
- Do not perform actions that could harm our users or our services
Scope
In Scope
- lattice.one and all subdomains
- Official Lattice.one applications and services
- Infrastructure directly controlled by Lattice.one
Out of Scope
- Third-party services and websites
- Issues in third-party applications or libraries (please report directly to them)
- Social engineering attacks
- Physical security issues
- Denial of Service (DoS) attacks
Safe Harbor
We consider security research conducted in accordance with this policy to be:
- Authorized with respect to legal restrictions on computer intrusion
- Exempt from restrictions in our Terms of Service that would interfere with security research
- Protected under our commitment not to pursue legal action for good faith security research
This applies provided you comply with this policy and applicable laws.
Recognition
We value the contributions of security researchers who help us maintain security. With your permission, we will:
- Acknowledge your contribution on our security acknowledgments page
- Provide a timeline for resolution and disclosure
- Credit you in any public disclosure (if desired)
Contact
For security-related inquiries:
- Email: security@lattice.one
- PGP Key: Available upon request
- Security.txt: /.well-known/security.txt