Skip to content

Latest commit

 

History

History
117 lines (104 loc) · 6.39 KB

security.md

File metadata and controls

117 lines (104 loc) · 6.39 KB
Raw

Security Policy

At ShapeShift, we take security seriously. We encourage independent security researchers to contact us in order to privately report security vulnerabilities or issues. The information on this page is intended for those security researchers that are interested in reporting security vulnerabilities directly to the ShapeShift security team.

Reporting a Vulnerability

If you would like to disclose a vulnerability to ShapeShift, we encourage you to email security@shapeshift.io. Please include the following information in your email:

  • Your name, nickname, handle, or what you’d like to be called while we communicate with you
  • The date/time you first identified the vulnerability
  • How you identified the vulnerability
  • As much detail about the vulnerability as you can
  • Any additional information you feel may be pertinent

Report Lifecycle

After you make a report, we will work with you to confirm it and assess its impact. Once we've been able to confirm the issue, we'll work to remediate it. We ask that you keep your report confidential for 90 days after you make it, to give us a chance to remediate the issue and protect our users.

After we have fixed the issue -- or after 90 days, whichever comes first -- we will release a summary of the issue you reported and any remediation steps we've taken, and you are free to publish.

COMSEC

If you would like to encrypt your vulnerability report, please use the following GPG key.

Security Workstream GPG Key 
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBElfqykBEACuRdC/SKdXjFiMzbBGVSaEMamQmsQdvbk7jcFZF4m6wDOcvCNA
N7IZIaJ7t6TI4M7TXerVFLbx36nhWTj4s73Wwr+ia9R9V2Ei0R3bwknf31e16VAN
mlhxj+Y9Tp6rI9TwrDicNqqlunlyxkX1eeiYyQPoW6pPMLr3hYx4AKlmmUePpgu9
Fl7hRHsU+RjwadZGl61MGtSDJYlHaMc2I8DAddEEhevIcfkwsRwCKzZe3w9MOOJE
oIzxo1sykAwuBum3SkK1HojfIFl+cmiN1N0vOy64tI2NK7/6u706ibBeRIfOI72I
HL0KR2om/k2ID6zk/fgJQcTPrcB/7KOKwyj+Um5ZoGTVkKnA9gF8405cB6Sjs71Q
67e4zUOP9dtWDWBnmsXE2hNCpo/d860zDQO7bAxzATuaA80h0PwtXRA7G+sAWaFO
FKPdTT3uo/y2ZwFN2RhxzqheiNhkbCWawJm9IzT06BuuIJjIaUEMbP10C8Z6bw9j
njpnRprUE18mKwdTNyLKky80itS4ffhtOOuwH0uMP0OgRAdhLywrDoLNw9RDoVWG
NbSQgUU+dC8ON1yB/tY8jWo3j91Oo9GK5TxeN1zcFJpClKHz2AAEHM/fjXWQFF1i
LnU5Cx2KT882DnP/OVd6rltwKBBD5v9eHutkbhtZ+m1DFTk1+gjJ3eL9vwARAQAB
tEZTaGFwZVNoaWZ0IERBTyBTZWN1cml0eSBXb3Jrc3RyZWFtIDxzZWN1cml0eS53
b3Jrc3RyZWFtQHNoYXBlc2hpZnQuaW8+iQJZBBMBCABDBgsJCAcDAgcVCgkICwMC
BBYCAwECHgECF4ACGQECGwMWIQTVohJx8nm5FQrOCzAMyuYsTOmtHwUCYdFGXwUJ
GlLOtgAKCRAMyuYsTOmtH934D/9FUvwh5k7kFCXQOHEmeN09jyqK/Bhz+dbzpqHk
uvldKNv4P74dHGR+MB02JOPKQXqwHgnshiipPn2TuN+zMxWJIxsOPL8sP2+22zqU
YJqUX3qXFx8jCiH4DqTooziiwjIQDcykTnPa/ab7q9AIOWECgfpAY07JjhXSBPzB
/97gCfl03iLvWtxzfelY0TJCgEbxQdOO9dY4saHj7RRFiq61NJkrsKTRiKl0ppmb
4/u43rE0lG802m740Vot4W0oxN4rvxOPf837mtqYXDnWwtHB2jeiWdMV/SfnX4UO
NDl7VbvHiR9XtRI5QsSdM3b6boAmdBB+sNZvWUV65sVu6+lg97Vga5AGTMIIqv9b
LmmU7qJ1Y0eCZ441EzqvJ6BS9ahegHTWCQYThBT58gVO8AwwUCcXaPlPNUZQNEQh
vVAVw3NKxqt215XdEBlSK7r6y3BTTbCTVmFYpSu9mU3w1RlHa0j1ObMstcQv5v9z
m0h1gOGD4AoqjVBiY9/QqdbVhZfaXD8ZE7vvtrp/9Y72hsAtV7vbUomGCrNnuX+q
hwywrwjxSZb32vb4h+44yehzc18U8Ma59ZizaBmActzrdgBQEVB3OcboNALZ0Hy0
EvJtQA18FSiKJgYsCCIP7SLUIvSghhvGV2XmpJxXOG3uDVau8LmcQCSCEYEx50Ou
l2r1QrkCDQRJX6spARAAnZz/+U2cyxVmmmRmutLGpobVVdGdxWDZYSPJt91Fe218
j0UCWMA9YpWaEmeW3l+VeuglgM6zZwO5javSGkwsh6GR6KcjRenA8DAPjHioLBNR
q+NflYoM/TQ8KwT9wRs5TwwyFmPgnQDSEUGKjbOwNvmlaCpM9rGaGgSIewbtS+PR
mfdKN9oxCGRqkw+jwgCB/hH8lFCYWZWCK+SDYwgGdtczaZ6Jn4AVDBbH9DCEm+HM
lkfcspFv8VRjzDL1At5FNc8g+sSbQx2z/p6HvRgvZhzdm6ejKJBvhgvmYMj2YSdg
2/NxPb85E/v4GuNYGpAuHE42Vm6nKt+DUHKrOop0bd5FfmA6waq2owj/bYFToyYZ
KcaWIOrc6rTVsuwFYFbuq9Her/X/w8DzoE2taxpC0dbbXh7bJ4mR+jL16f8gRICO
TDK7noxj2Ar0Lu6wDGNUMiMfcIzNfnGOyEW9DqibsxluV9jgjbwr/rvYL3hpWwgh
+LknpbQP81B1/GsijqojbnXU9PvO+TrytZD8LWhd7FCZygrRMMHI5rhKUY6M+vUV
ztrMLtST//uv1w+/bivUU+q++LQ88SHChUnTxu693Wrqie16yQoDkwr3qLb6J/gm
jqFXbwZOx6y74j5Ici1JOuH2fSU/SnPjrmyb3H3u0yW546lYhU9lkyauzUErcqMA
EQEAAYkCPAQYAQoAJgIbDBYhBNWiEnHyebkVCs4LMAzK5ixM6a0fBQJh0UZoBQka
Us6/AAoJEAzK5ixM6a0fAUoP/13vg7AdE/WokUKpkKHgXuvW5xB/3e6s/BOeanR+
PSiuqn3A/4La1kQBt5fZgn3s1iqwMPVLzGNuyTOKK8NQ3yzY2BWaL4ariGZIKiEI
NRmuF63cwbAui1bsMD5G81nfcgaqHmOVzdsbOP5Z8mkTpvaey2A7gSIEDpfoBNL1
A5uli0czF0VNj6BM2osq9cpuJBJF+RnEegW22nxyYIyURfKc0apdRZSg8zYNf3AP
5v9VrdhVdGRlChjEa/TbuxeulsALwI3/akiu22OtqwkvVI9vVPCTlKo0h1fNUb6T
bP/2X8lEw/lpfl8yKaWTupkG+lBPc/sCA5OQUdYVgOIecdEZZN0/FHI93NsWv7kX
cAR+BMXvfgR1QTqGVFZA8b3gvxyXUQLObHjuqcv5A2eJ2f9iMZZgwDom5JwLlPHl
PLJiS6xGVNrYlnNPbtFUIApSGlH2WIZsIdJLzqM6PYWBSCnIiFOUJDAjMBNN9+dG
ZMfmN2Nzhra6ZcekGMpaKcUrOCp/7yBTzTwQNw8yXi75LAnI9Hx7bS0mmV7+DYrY
1ulQL6fS/AttM4p0B3t/Do1tdUh0A1KgSG5WbOzfiimW8pbxnZSIbZalbw5LptMK
HL+ggWcoi61sK1kQTK5SkMHq3b/FiRBK5a8LF+esqvG3L7pbnjPAgqRxV4vBDL4J
xQNmuQINBElfqykBEACjgi0r15DCD+sSkbx9sIGwleMnqL8B17eLZ2EiQcrq37G3
yKkTfuyotmDdIEq22m3C2TDVKX9SwPAmZy3VLFiKNq510tNCeW/mVZI1o+VypGLW
ywE1eIJkeeMuPKpmdL8/HkcjCg/LCE/nOJnMSQK6k7Z9ntHM9ShyWmImM+OnXPib
/M4EbAh7lRuWvdbf8rm+Qz/YkAYmdAnflKCYsU3AKKWMlxsfab01yjdrYi/nem5i
dPdsZeBX/7CnsnX/QlzSpLGPJAiOav4Mrotf1bMYZmA5zb4pcMPfjZJWfx+Px3o0
8YGcbC6Arg2xwTTUxYFZfGBgXQoZFqkPHQBIVHn/JIRxPy4IIDHboDk44B8G2TEs
7W3IoqVawJ/PISF3Wu0FGab6pFwobNjVX0YmNtE3dkV6kf+NuVtf2E8B6CBouc8+
grQy053W3dAZTyR/MYzqBkiqKCJhFbnHus3Xl4/lxIfh7c9XCMNyrSDM9pCmFrOA
ONXHB5wKj3s5KTH7PIYYrET7g61+BsiLQd2ye2WibL8RokWEtRAZwQzP3t9PIjFV
nwiyCryR10THV7XIYgHRDIsqHqdLle9R3yg98XPpmwsQaXTzgQCzJVzeOS+6uQq5
x0HnwH6VsiQX/ztJ1ytlQ4YorQA5gdfSQUTeZJJVfGArmFJgshWkpofIe7xgMwAR
AQABiQI8BBgBCgAmAhsgFiEE1aIScfJ5uRUKzgswDMrmLEzprR8FAmHRRnUFCRpS
zswACgkQDMrmLEzprR8VUxAAirxk9CEvGMH2O6kA3zW7hH6iNpzZhPT9H24iyF2B
ZR29ct6lTK0rlmy75tJAKOVy2fKR5oTZlz48bR2QjOuc1nsB1HJr1H+SO1+wRizU
YTq648MWdNQbN4ikS2kF2tCnM7T8cgvxulQykxcGUU+JqtVqRd1jBBjtdhcmIDG7
rGGz/2DUT97zPd3KdR2VopfD8E5bb8Yn4/CtP6ee612ZDuPdEK6zOOMd3VC/DCZg
OlDZk0t7Ue6tkI3qiJFKkj8OqpIpt8sLiE/D4q+HLGwo/wNmg+G19bZsiSogF/0G
s8/60pIzHCnZ29yWFT58vLKZfbWklqlCHJnTBEHykgeIURTP4INYLijFNvWFHKL+
yRtPA+NcwXhtN3FaxQ8KWKMgvmNtC9TWcfsewcfELAWbFKTcyOJREwdhRFbMK4jJ
i275vMAPF6dm6r4hBDGJY25zE8d80n295hRabYQ/j+qcN3HEepz3rTUD0jY8JnXE
+DWPkUN7RP9zYIJPGz9uVVyRQPe4/zsIrLF55Qu25zjnUa21ilmUx3M7R5QU+qRS
0tSfXmA2oXURBTiyCQB2X9EcgbIU/CGCmJnv4i/y8Jdb0PxAJ0M/zhEbWJsns4oS
xAKwm2bVUCNW0BcKxvoEgZlgHOgs25G7GX7Q4yw36E8Gti7JWdfEpdSbUiH1jKBN
LPE=
=LP+W
-----END PGP PUBLIC KEY BLOCK-----