Storj Bug Bounty Program.

Security researchers play an essential role in the Storj Community by discovering vulnerabilities and sharing them with our team, helping us improve the quality and security of our products.

Submit your findings.

Our Security Team reviews every submitted report. If accepted, you will have direct communication with one of our team members through the investigation process. You may be asked to provide additional information.

We encourage you to submit thoughtfully investigated and clearly written reports explaining in detail your methodology, results and recommendations. Reports consisting solely and entirely of testing tool outputs are not preferred. We look forward to receiving your high quality research.

How to Submit

If you have found a security vulnerability we encourage you to submit your reports to  security-reports@storj.io including:

Brief summary

Steps to reproduce

Proof of concept /Evidence

Clear, thoughtful analysis

Recommended remediation

Reward Payments

All bounty rewards will be paid in STORJ Token.

Low: $100
Medium-High: $250
Critical: $1,000

Guidelines

• Security researchers are to report vulnerabilities discreetly to Storj Labs using security-reports@storj.io
• One report may be filed per email submission
• You must comply with all applicable laws, including local laws of the country or region in which you reside or in which you are using Storj products
• Storj Labs Bug Bounty Reward payments are granted solely at the discretion of the Storj Labs Security Team
• Storj Labs Bug Bounty Reward payments may not (a) be issued to reporters in any U.S. embargoed countries or (b) on the U.S. Treasury Department’s list of Specially Designated Nationals or the U.S. Department of Commerce Denied Person’s List or Entity List or any other restricted party lists.
• Storj Labs Bug Bounty  Reward recipients are responsible for the payment of all applicable taxes.
• Threats of any kind including threatening publication or disclosure violates the policies and terms of the Bug Bounty Program and will result in a permanent ban.

Scope and Qualifications

• The Bug Bounty Program includes Storj Labs, Valdi, and CunoFS
• Services and platforms not hosted by Storj Labs are outside the scope of the Storj Bug Bounty Program
• You must be the first reporter of a vulnerability
• Vulnerabilities must be relevant, exploitable, and well-documented in the vulnerability report
• You must not be an employee or contractor of Storj Labs currently or in the last 12 months prior to submitting your report
• You must comply with company policies and guidelines when discovering and submitting the vulnerability
• The decision to grant a reward for a vulnerability report and the value of the reward is entirely within the discretion of Storj Labs. The value of the report will be based on the impact and severity of the reported vulnerability.

About STORJ Token Payments