a platform that runs code owes you this
Security and disclosure.
certiv exists to be attacked on the record. Adversarial testing is welcome; the best red-team findings become fixes we credit.
Report a vulnerability
Email security@certiv.org. Also machine-readable at /.well-known/security.txt.
Safe harbor: good-faith research that respects the rules below will not be pursued legally. Test against your own registry, not production; do not access other users’ data; do not run destructive or denial-of-service tests against live infrastructure; give us a reasonable window before public disclosure.
Running untrusted code is the core risk
A receipt’s claims are commands. The single-file kernel runs them with --execute and no isolation: never point it at an untrusted receipt on your host. Use a disposable VM, or let a certiv verification node run it.
Verification nodes execute every claim under this contract:
- no network egress (container --network=none inside an egress-blocked VM)
- read-only inputs, a size-limited writable tmpfs, non-root user
- CPU, memory, and wall-clock budgets from the receipt; deterministic clock and locale
- the container is destroyed after every claim; no secrets are mounted
- the attestation label in each verdict states exactly what isolation actually ran (infra-isolated, container-isolated, or process-isolated) and never overstates it
The full node sandbox profile lives in the repository under docs/03_ARCHITECTURE and 10_PLATFORM.