Security

Security you can verify

Audited primitives, a public bug-bounty program, and an ENISA-aligned posture — stated without overclaiming, evidenced by links.

How we earn trust.

Audit reports

Independent audits of the building blocks, linked where they exist.

Repositories

Bug-bounty program

A public scope and reward schedule for responsible disclosure.

Responsible disclosure

A security.txt and a disclosure address for reporting vulnerabilities.

security.txt

Standards posture

ENISA-aligned and eIDAS-aligned — alignment we can evidence, never a certification we do not hold.

Standards

Aligned, never overclaimed.

Each alignment links to its evidence. We never claim a certification we do not hold.

W3C Verifiable CredentialseIDAS 2.0 / EUDI-alignedENISA-alignedOSRUL v2.0

A note on honesty.

// pre-launch — every audit and bounty link must resolve or be marked pre-launch before publication (QUESTIONS_FOR_HUMAN.md §19.9).

Read the code. Read the Mandate.

The Foundation’s two highest-trust actions. Verifiability over persuasion.

Read the codeRead the Mandate