Bug bounty program

Hall of thanks

We would like to thank the following people for their support in making our products more secure.

1. Saleem Rashid 5400 points
2. jubobs 400 points
3. Christian Reitter 200 points
4. sa1tama0 200 points
5. LazyNinja 200 points
6. Joseph Jose 100 points
7. Maksym Kraynyuk 100 points
8. Dmitry Zemlyakov 100 points
9. Virendra Tiwari 50 points
10. Edward Garcia 50 points

How to disclose

Step 1.Include the following information in your report

  • Code or proof of concept so that we can reproduce the vulnerability.
  • Description of the vulnerability.
  • Your name/handle: In order for us to give you proper recognition if you wish.

Step 2. Use the following PGP key when submitting sensitive information

Step 3. Send your report to [email protected]

After your submission, we will follow up with you as part of the review process. Once we have determined that you have found a security bug, we will give you recognition for your work as part of our "Hall of Thanks" (if you desire) and allow you to claim your bounty reward.

Note:

  • We do not reward bug bounties for vulnerabilities found in third party services. Please report these issues directly to the relevant service.
  • We typically do not reward bug bounties for products or services that we do not sell or offer yet (such as beta devices) or for products or services that we no longer sell or offer (after their end-of-sale). However, please still submit any vulnerabilities you find. We may consider paying out a reward regardless.

Please read the details for full requirements on how to be eligible for the bug bounty program.

Security announcements

We encourage you to sign up to the security announce mailing list to stay up to date with the latest security news from Shift, including release notes and bug fixes.

To subscribe, please send an email to [email protected] or follow this link: https://groups.google.com/a/shiftcrypto.ch/group/security-announce/subscribe