This page contains information about all the external audits we have undergone. As we reach major milestones in development, after rounds of internal review and auditing, we reach out to third parties to verify our sanity, and double/triple check the work that we do.
These security audits are not guarantees of security in the projects they pertain to. They are additional checks from objective third parties to help bolster confidence in the security of intended functionality.
As always, if you find a bug or vulnerability in our code, please report it to firstname.lastname@example.org.
Status currently maintains an ongoing retainer contract with Trail of Bits to help with overall security coverage.
Status currently has a private campaign on the HackerOne platform for bug bounties. We are currently underway to expand this program’s scope and availability post-V1 mobile app release to become public and the de-facto standard method for reporting found vulnerabilities within the Status ecosystem.
There are no current ongoing security audits.
- Started September 30th, 2019
- Ends November 1st, 2019
- Blog post
June 2019 - Sticker Market Repository (with contracts)
- We opted to not request a finalized generated report from Trail of Bits for this audit, and instead tracked problems through a private repository maintained by Trail of Bits. These were then fixed and summarized in the above document.
- All changes in that repository have been merged into the above linked repository.