Security: solusprotocol1/solus-protocol

SECURITY.md

Security Policy

1. Responsible Disclosure

At Solus Protocol, the security of our infrastructure and the integrity of the medical data we protect are our highest priorities. We appreciate the efforts of security researchers in identifying vulnerabilities.

2. Reporting a Vulnerability

Please do not open a public GitHub issue for security vulnerabilities. If you discover a potential security flaw, please report it privately via:

  • Email: support@solusprotocol.com
  • PGP Key: [Link to your PGP Key if available]
  • Subject: Vulnerability Report: [Short Description]

What to include:

  • A detailed description of the vulnerability.
  • Steps to reproduce the issue (PoC scripts or screenshots).
  • The potential impact on the protocol or users.

3. Scope

The following are in-scope:

  • Solus Core Protocol (Data Anchoring Logic).
  • Solus API and Gateway services.
  • Smart Contracts deployed on the XRPL.

The following are out-of-scope:

  • Denial of Service (DoS/DDoS) attacks.
  • Social engineering or phishing of Solus employees.
  • Vulnerabilities in the underlying XRP Ledger (these should be reported to Ripple/XRPL Foundation).

4. Our Commitment

If you follow these guidelines, we commit to:

  • Acknowledging your report within 48 hours.
  • Providing a timeline for remediation.
  • Safe Harbor: We will not pursue legal action against researchers who act in good faith, do not exfiltrate data, and provide us with reasonable time to fix the issue before public disclosure.

5. Privacy Notice (HIPAA Compliance)

If your research involves the accidental discovery of Protected Health Information (PHI) through a gateway exploit, stop your testing immediately and notify us. Do not store, copy, or share the data. Solus Protocol will handle the necessary regulatory reporting.
