Security

Security at Subspace

Customers and users put a lot of trust in us and the services we provide them. The security of customer data, our products, and our services are a top priority. We have teams across Security, Software Engineering, Networking, Data, and Operations that work to protect our users and their data.

Our security efforts include not only implementing best practices internally, such as secure software development and internal reviews, but also conducting ongoing external security assessments and threat modeling.

Discover a Vulnerability On a Subspace Service

At this stage, we do not have a bug bounty, however, we are very grateful to anyone responsibly disclosing security vulnerabilities to us. If you would like to report a security vulnerability or breach with regard to Subspace services or infrastructure, please email us.

We politely request that you do not publicly disclose any information regarding the vulnerability or exploit until we have had the opportunity to analyze your report and respond to the notification. We aim to be as transparent as possible and we will keep you informed as much as possible. In order to respond promptly to your report, please include:

  • Easy-to-follow reproduction steps
  • Proof of concept
  • Relevant tools (including versions)
  • Any tool output

Note: We may subsequently ask for information regarding verification and/or clarification.

As part of our commitment to transparency, we will provide you with status updates regarding remediation. If there is a published public security bulletin, the reporter of a vulnerability will receive credit.

How To Contact Us

For all security-related issues, email us at security@subspace.com. If you would like to securely email us, please use the following GPG key:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEYQxi2hYJKwYBBAHaRw8BAQdAEPpwMAoPkriKQIUoeWTV8YnCyuriN22YLmwJ AjH0KA+0M3NlY3VyaXR5IChzZWN1cml0eSBncGcga2V5KSA8c2VjdXJpdHlAc3Vi c3BhY2UuY29tPoiaBBMWCgBCFiEELHBiTgnzOMgynci7lJGtJiIdBEQFAmEMYtoC GwMFCQeEzgAFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEJSRrSYiHQRE 4q4A/1o3S1Qu4lzmBUYylrpCoc1R4pcToK82gOCkezd/82AvAP9H4HTh6SKWubXT /ebIM7Q3WH7bnGw8Q6s0el8OocSeCbg4BGEMYtoSCisGAQQBl1UBBQEBB0Cn8x+x 7N2/4lGvVrCCE2uct68Rb8j/KrRIPQN/hFRhKQMBCAeIfgQYFgoAJhYhBCxwYk4J 8zjIMp3Iu5SRrSYiHQREBQJhDGLaAhsMBQkHhM4AAAoJEJSRrSYiHQREFpMA/3k3 ABrzQVD9AJC6UrWoOlZnDPoSG6fCsupm+O3aegiJAP9BU1mm04dH8hDxrZktII+c /C17DChlY6eWdEHUnT2pApgzBGEMY3UWCSsGAQQB2kcPAQEHQO5vcnDuzuJSx/3Q iHmLNWZ3EJdyO+MwYG7DZP5l5YETtCBTZWN1cml0eSA8c2VjdXJpdHlAc3Vic3Bh Y2UuY29tPoiaBBMWCgBCFiEEpx1Ud3A27evNuCSpHjzT7GJBohsFAmEMY3UCGwMF CQeEzgAFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEB480+xiQaIbgEsA /jvaDbp1eLTFUzrYQjxzDQ0FKQONxn7Si/eIDD/8FGkJAP459Ce9FxeVm4EX3dff uP9EOH7biLMvnwvh3DnlFbWUDLg4BGEMY3USCisGAQQBl1UBBQEBB0CIwCEEolcj Ih408xgRgofLVr3TjPEl8aPdNS0Ph9wmawMBCAeIfgQYFgoAJhYhBKcdVHdwNu3r zbgkqR480+xiQaIbBQJhDGN1AhsMBQkHhM4AAAoJEB480+xiQaIb8LkA/RUw5fTl hK98ZOSl5Y6Ih8GGXiQsQkEPksaYOnfROvSpAQCOfUHeaItAQPnZRn6AzuCdrHJG Pj2u3NWOz8zmUDGtDw== =jXZg

-----END PGP PUBLIC KEY BLOCK-----

You can fetch the key ID from most public servers with an of “7A4D9C6F5D445CB3” fingerprint of “6BB9 25DD 0C38 EBDA 6940 3BEB 7A4D 9C6F 5D44 5CB3”.