Disclosure SLA public

Superstate's assessment for RD-F-176 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No public disclosure-acknowledgment SLA found. Superstate docs commit to 'timely initial response' and 'timely remediation' without specifying any duration (e.g., no 24h or 72h acknowledgment window). No SLA is published in docs, on the security page, or in any accessible policy document. Matched circle-usyc and spiko peer pattern exactly — both scored F176 red for similar indefinite-timely language. Red is appropriate.

Sources #

Internal
Superstate Protocol Profile §900-profile.md §9 — no compensation commitment, no SLA noted; disclosure via security@superstate.co onlyretrieved 2026-05-16
Docs
Superstate Security Documentationdocs.superstate.com security page — states 'timely initial response' and 'timely remediation' with no specific duration; no SLA timeframe publishedretrieved 2026-05-16

Methodology #

Determine whether the protocol publishes an acknowledgment-time SLA for disclosed vulnerabilities (e.g., 72h ack).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol superstate factor RD-F-176 score red collected_at 2026-05-16 00:06:37