Responsible Disclosure

See something? Say something. We're listening!

In this article
Last update
February 5, 2024

How to Submit
 a Vulnerability

To submit a vulnerability report to Cubist’s Product Security Team, please utilize the following email: [email protected]

Preference, Prioritization, and Acceptance Criteria

We will use the criteria from the next sections to prioritize and triage submissions.

  • Reports that include only crash dumps or other automated tool output may receive lower priority.
  • Reports that include products not on the initial scope list may receive lower priority.
  • Please include how you found the bug, the impact, and any potential remediation.
  • Please include any plans or intentions for public disclosure.

What You Can Expect from Cubist

  • A timely response to your email (within 2 business days).
  • After triage, we will send an expected timeline, and commit to being as transparent as possible about the remediation timeline as well as on issues/challenges that may extend it.
  • Notification when the vulnerability analysis has completed each stage of our review.
  • Credit after the vulnerability has been validated and fixed.

If we are unable to resolve communication issues or other problems, Cubist may bring in a neutral third party to assist in determining how best to handle the vulnerability.

How to contact us

You can reach us by email at [email protected]
 or at the following mailing address:

Cubist, Inc.
3911 Cleveland Ave #3054
San Diego, CA 92163 
USA

Tell us what keeps you up at night.

Talk to us

Products

CubeSigner Self-Custody
CubeSigner End-User Custody
Bascule Drawbridge

Features

Hardware-enshrined Smart Contracts
Bitcoin & Babylon Workflows
Programmable Policy Engine

Security

Product SecurityInformation Security

Company

AboutPressCareersContact Us
Responsible Disclosure

Resources

Blog & UpdatesCase Studies
Responsible DisclosureTerms and ConditionsPrivacy Policy
Terms and Conditions

Follow us

LinkedIn
X (Twitter)
Privacy Policy
SOC Icon
© 2025 Cubist
Products
CubeSigner Self-Custody
CubeSigner End-User Custody
Bascule Drawbridge
Features
Hardware-enshrined Smart Contracts
Bitcoin & Babylon Workflows
Programmable Policy Engine
Security
Product Security
Information Security
Company
About
Press
Careers
Contact Us
Use Cases
Protocols & Governance
Payments & Tokenization
Treasury & Trading Operations
Staking & Validators
Cross-chain DeFi & Bridges
Consumer Wallets & Gaming
On-chain AI Agents
Resources
Blog & Updates
Case Studies

Follow us

LinkedIn
X (Twitter)
Responsible DisclosureTerms and ConditionsPrivacy Policy
© 2025 Cubist. All rights reserved
© 2025 Cubist