Security

Responsible disclosure.

If you’ve found a vulnerability, we want to hear from you. Here’s how, and what to expect.

How to report

Email contact@edssa.io. Encrypt sensitive details with our PGP key.

PGP fingerprint: [PLACEHOLDER — to be published]

Scope

In scope:

  • The edssa.io marketing site and its API endpoints.
  • Any production-facing service we operate at *.edssa.io.
  • The reference implementation of the DSSA protocol family, if and when published.

Out of scope:

  • Findings from automated scanners without demonstrated impact.
  • Vulnerabilities in unrelated third-party services.
  • Attempts that disrupt service for other users.

What to expect

  • We acknowledge within 48 hours.
  • We commit to a 90-day disclosure timeline by default; an extension can be coordinated on request.
  • We credit the reporter publicly once the issue is resolved, unless the reporter prefers to remain anonymous.

Bug bounty

We are launching a paid bug-bounty programme alongside our first paid pilot. Until then, we acknowledge contributions in our security hall of fame and offer a token of appreciation for material findings.

ISO 27001

Underway

Information security management certification in progress. Target: 2026 H2.

SOC 2 Type II

Underway

Service organisation controls audit in progress for the operational surface. Target: 2026 H2.

Common Criteria

Evaluation initiated

Common Criteria evaluation initiated for the protocol implementation. EAL target under review with evaluation lab.