Security

Security at Subspace

Customers and users put a lot of trust in us and the services we provide them. The security of customer data, our products, and our services are a top priority. We have teams across Security, Software Engineering, Networking, Data, and Operations that work to protect our users and their data.

Our security efforts include not only implementing best practices internally, such as secure software development and internal reviews, but also conducting ongoing external security assessments and threat modeling.

Discover a Vulnerability On a Subspace Service

At this stage, we do not have a bug bounty, however, we are very grateful to anyone responsibly disclosing security vulnerabilities to us. If you would like to report a security vulnerability or breach with regard to Subspace services or infrastructure, please email us.

We politely request that you do not publicly disclose any information regarding the vulnerability or exploit until we have had the opportunity to analyze your report and respond to the notification. We aim to be as transparent as possible and we will keep you informed as much as possible. In order to respond promptly to your report, please include:

  • Easy-to-follow reproduction steps
  • Proof of concept
  • Relevant tools (including versions)
  • Any tool output

Note: We may subsequently ask for information regarding verification and/or clarification.

As part of our commitment to transparency, we will provide you with status updates regarding remediation. If there is a published public security bulletin, the reporter of a vulnerability will receive credit.

How To Contact Us

For all security-related issues, email us at security@subspace.com. If you would like to securely email us, please use the following GPG key:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBF9El8sBEADflzcVOtBOmud35oAbKJr/ixSjOG7pNnMTn265LWov2AyUW+9f Yb8ptlQjq9P7hKbFV3CGrYK0qsU1VTX2r3H0WkEPOJXZnK3kWCPUMkTePkFtXPvV nG+Us0SARFHIN3KUfMqaNL0XH8JtW+WVIXK8yQ+bC6aRJwYT4bg5KZoBzHeNKPo0 s14FehWwWMfeEqF9YBgGJRQ+/FswbvT719HviArE+Izg5WCA8ZG0rPghcQM7vFe9 yX+heEkPMZKvBQMNddqoql9oEoKozmIyQreXHLIYkMiPDlulOiYcwH/Zmb6yuMcT +bvypB9ZqUxjASW0FhhP18c6EE7wcua6udyWluUoMJlaDsC1nN1uu0In5pOcLBlD 7P1JgeAOk1iTuq0mCbwbylslkNkrJFaoBHOKdaBPUd1FAb5PUapBd54MHL2NdRHG wDwSPP9p1pB+wPPoysDnHRWtsmXRJQj1MuMNZ/X62VBCQ/zrbAXY05dgwRE8Xafb +5nTX883j7RUMtr3WxzTPIpffSaJM/tKTQfSOw2wmRQgMdYuRYMc/n0gcXhMqvjg 3JE5CSInTuh9tNnxzg8t+xBjNYlbBJtBW5ttgwmVMOtea5Ygc/k3bZFnRyO3P9tN gBe5XsC6oP4cSTisjzQGtHgNV6eSWJQk+umBTcayKVo9CeJESvrySi1rNwARAQAB tE5TdWJzcGFjZSBTZWN1cml0eSBUZWFtIChHUEcgS2V5IGZvciBTdWJzcGFjZSBT ZWN1cml0eSkgPHNlY3VyaXR5QHN1YnNwYWNlLmNvbT6JAk4EEwEIADgWIQRruSXd DDjr2mlAO+t6TZxvXURcswUCX0SXywIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIX gAAKCRB6TZxvXURcs54zEAClg4nSsf6vddtsSsxdehS7+g8PttYNrORdTwJf1FcG N6qN6qqOaJsa3L3L/POPYApVKLPZIgNJ0zbOUej85lSvyeJ9pES0hiLdYfsNCRp7 WhIlWLbZjit7kn8e0QFWhP7jTn0QMzDcNznCz5RtdCk8kEl6XUX4y31/NtOFmXyW XK6VozeWSUHp2/slEP+N4KcMLiAtP4CKkcYQwJY0VnevmXCoxv5bnhx72Vcx6hwS k9i2tps93CR+TrLLXb7cH3ImXK9Heb7U95ldOsg4I+gW+r2dELT0ntwc/SiD0ZQ8 ZWrErUJ9s2s6VRof8lISk/hl0rZgL85pRPdglk3Nq0BV2/xhx8cSYpI71qXGEQ3i A3tG1Xa8ilJkZCzPmiB0zccx4UkaNxBS+4U27OAER0sMlAZ9cC5JBKgYWI+mSWeT qQGPdSW6woyQA6LuoIK1ariZ3JfGvz1C4y32D6jC9sFgcLnPfn3C9qCqu+PapI5c TP57eqD8z60ji4TF3+F1BilTIUMRzJJMrMKJXAO7IUr7fsP/PpRRKlF+YkfDFFeH Kosti5G2LBP5ETdddbKLEwxo7yJyuZ/bNNUhQJWTfMo7GneksUQ2Bqpka2tIQr3L XD6OGX86QqPlkjVogklPlsZvPGlI4sFALd7Os+4BUJemqFgHGr9aoWt28NEt3Mbd TrkCDQRfRJfLARAAu2iMsOUuq7E5M9KjGMXK39QAy4Y6+NZDLL0YODOrc7x3gf0x +rNAQeOSFSDY8e4HABpr1WHIqFZfjlzGG/EF/wbPiSFcVgW0sPhuk6O/aQknKInc hfbm+zZl33nJidrNsm+domLeHcQ5ihYik69wuA/Jx0+Xifo4nR5g8X3RClsQEUF0 bUCMl4+UVCCGXA1koSXRjqrWZg7mq9f8rRafdLQf4VlPTL9EIsHjqp2LSEV8zeUq e7kEoNnKieHpLN9CMP2NWgDg10F+1d5lj8doKkMCpoOUkrcin+If0AKGstYgLN4g uUJldcxSym3t6//q1C6IsDELN8RkIgJIelRDxdY4Y+pnNdXw3w3kP3ncG/nHfDTU iD6SX10Vzt37jiNHWfyIhJXBCC9I36SAzNKzLJSsX/0sfMeRBAoH742NNymyjkPl pwBCHn3w2w+RSW3rHC7kMzUzLpVnxdyLwLCnmCCz8rzzJTbOK5uHLPKclKxnDEzt bgbuwP151l90+RCxNaDruwPXgUcI0+BvEZO1+bgsSm/STT7+8liUJTYKXwds7mmu t2XXZGxhOT8ie/FnwTie5QbdhRyEfwXiVNqNr2R2ramzpKiRYFlPtnbAeG59U+1f SL2UXdX9F2uZRgKiyBasDcaCdvlFTdB3sfNH4YFG4u1io8eZNKVyzRu/2YcAEQEA AYkCNgQYAQgAIBYhBGu5Jd0MOOvaaUA763pNnG9dRFyzBQJfRJfLAhsMAAoJEHpN nG9dRFyzHwQP/085O+nePru/ptuy34SSSOmgx0wE+3FuLfPJKARRcISS703zN4Jj lqVjC/NFAa7xVeG0TXNuRGExj0SwmgDPob6gutjy4TE6UmK2s/tO9A9yz0UeAuGz x9wEfL5Y2baL1nTnjL6uiv5HbufIhwZIC+43icG1CG3toe5f5I+qWDPkk9Z0GBVj oeEL5qaDo/efQrN+N4uLOI6kXvNsxZc5IQaStI4Ds2LikFLhWetNo+pl8Ro+CJEk Rsh3WhrIvsX8d1R/6W1vH7BYq/Dk55OeGEuzPM6b2cT9UqkzDF3V8cih1IkkQdKA Lk6IoZzqJsLbkvvEmvXVAMPD7DU7vODnXkqlhGEUJewDmAmclZOPtLr+jlWYeUuL hUIxssVhAj0OtZGJWOIKYYPv4oTUhsSRe0BwiNzdhEKzTKuxflqpzRo7mPBSFX4p pJyAE1QhgPWuTTx8UkoslDINufqClPhOzhmE04GX2QqMiAPfhvu7dK3Y9V2fkOqB unQoJM3LhMBkVE3AIptWO1MV1uEiIXAZvFoPYxhFluFv5RVs6o6beMPwLQx2Jj3T 19UW4EDl2DPVCop9l8JG0tXXYccNMVuSGtUOemvaOWHnTarRo7OgvIBjC69FL3TF okvNhX13nBlY9+9+GdWEWPEtHWSL6x/NbZXomRpzVCCbj1WHzTEIb7KD =mVf5

-----END PGP PUBLIC KEY BLOCK-----

You can fetch the key ID from most public servers with an of “7A4D9C6F5D445CB3” fingerprint of “6BB9 25DD 0C38 EBDA 6940 3BEB 7A4D 9C6F 5D44 5CB3”.