[{"id":3736179,"new_policy":"At Hiro, we are dedicated to building developer tools for the Stacks blockchain, which enables apps and smart contracts on Bitcoin.\n\nEnsuring the safety and security of our products is of utmost importance to us. We highly value the contributions of external security researchers and appreciate their invaluable efforts in enhancing the security of the Stacks ecosystem.\n\nIf you have discovered a bug or vulnerability in any of our products, we encourage you to report it to us. We will work closely with you to investigate and resolve the issue promptly.\n\n# Rewards\n\nWe offer rewards based on the severity of the bugs you discover. The following table outlines the reward ranges for different bug severities:\n\n| Severity               | Reward |\n| ---------------------- | ------ |\n| Low severity bugs      | $50+   |\n| Medium severity bugs   | $150+  |\n| High severity bugs     | $300+  |\n| Critical severity bugs | $600+  |\n\nPlease note that these are just general guidelines, and actual rewards will be determined based on the severity and impact of the reported vulnerabilities.\n\nWe will process and reward bounties promptly after triage.\n\n# Scope\nThe following Hiro products and repositories are in scope for the bug bounty program:\n\n- **[Stacks Explorer](https://explorer.stacks.co/)**: Observability tool for the Stacks Blockchain. **[GitHub repository](https://github.com/hirosystems/)**\n- **[Hiro Platform](https://platform.hiro.so/)**: A web app that aims to bring all our tools under one DX. 
(Closed-source project)\n- **[Stacks Blockchain API](https://www.hiro.so/stacks-api)**: Stacks public REST API **[GitHub repository](https://github.com/hirosystems/stacks-blockchain-api)**\n- **[Chainhooks](https://github.com/hirosystems/chainhook)**: Indexing engine that helps developers extract on-chain data.\n- **[Clarinet](https://www.hiro.so/clarinet)**: CLI tool that facilitates writing, testing, integrating, and deploying Clarity smart contracts. **[GitHub repository](https://github.com/hirosystems/clarinet)**\n- **[Clarity VSCode Extension](https://marketplace.visualstudio.com/items?itemName=HiroSystems.clarity-lsp)**: Provides validation, syntax highlighting, code completion, and debugging for Clarity smart contracts. **[GitHub repository](https://github.com/hirosystems/vscode-extensions)**\n- **[Stacks.js](https://www.hiro.so/stacks-js)**: JavaScript SDK for apps on Stacks. **[GitHub repository](https://github.com/hirosystems/stacks.js)**\n- **[Stacks Subnets](https://github.com/hirosystems/stacks-subnets)**: Layer-2 scaling solution in the Stacks blockchain.\n- **[Ordinals Explorer](https://ordinals.hiro.so/)**: Observability tool for the Ordinals protocol. 
**[GitHub repository](https://github.com/hirosystems/ordinals-explorer)**\n- **[Ordinals API](https://github.com/hirosystems/ordinals-api)**: Ordinals REST API\n\n# Out of scope\n\nThe following items are considered out of scope for the Hiro bug bounty program:\n\n- **Stacks Blockchain**: For issues related to the Stacks blockchain, please report them through the [Stacks Blockchain Bounty Program](https://immunefi.com/bounty/stacks/).\n- **Ordinals Protocol**: The Hiro bug bounty program does not cover reports related to the Ordinals protocol nor [Hiro's Ordinals Explorer](https://ordinals.hiro.so/).\n- **Bitcoin**: Reports related to the Bitcoin blockchain are also out of scope for the Hiro bug bounty program.\n- **[Stacks Wallet for desktop](https://www.hiro.so/wallet/install-desktop)**: (macOS, Windows, or Linux) **[GitHub repository](https://github.com/blockstack/stacks-wallet)**\n- **[Stacks Wallet for the web](https://www.hiro.so/wallet/install-web)**: (Chrome, Brave, or Firefox) **[GitHub repository](https://github.com/blockstack/stacks-wallet-web/)**\n\n# Disclosure Policy\n\nWe kindly request that you adhere to the following guidelines when participating in our program:\n\n- Upon discovering a potential security issue, please notify us as soon as possible, and after the investigation and thorough evaluation, we will make every effort to resolve the issue promptly.\n- Please provide us with a reasonable amount of time to investigate and address the issue before disclosing it to the public or any third party. Our team is available Monday to Friday and will make a best effort to meet the following SLAs for hackers participating in our program:\n    - **First Response:** 2 business days\n    - **Time to Triage:** 7 business days\n    - **Time to Resolution:** will depend on severity and complexity\n- Make a good faith effort to avoid privacy violations, data destruction, and interruption or degradation of our services. 
Only interact with accounts you own or with explicit permission from the account holder.\n- We request that you refrain from engaging in activities such as:\n    - Denial of service attacks\n    - Spamming\n    - Social engineering (including phishing) targeting Hiro PBC staff or contractors\n    - or any physical attempts against Hiro PBC property or data centers.\n\nThank you for your valuable contributions to maintaining the security of Hiro and our users. We greatly appreciate your efforts in helping us create a safe and reliable Stacks ecosystem.\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2024-08-14T21:20:19.165Z"},{"id":3700754,"new_policy":"At Hiro, we are dedicated to building developer tools for the Stacks blockchain, which enables apps and smart contracts on Bitcoin.\n\nEnsuring the safety and security of our products is of utmost importance to us. We highly value the contributions of external security researchers and appreciate their invaluable efforts in enhancing the security of the Stacks ecosystem.\n\nIf you have discovered a bug or vulnerability in any of our products, we encourage you to report it to us. We will work closely with you to investigate and resolve the issue promptly.\n\n# Rewards\n\nWe offer rewards based on the severity of the bugs you discover. 
The following table outlines the reward ranges for different bug severities:\n\n| Severity               | Reward |\n| ---------------------- | ------ |\n| Low severity bugs      | $50+   |\n| Medium severity bugs   | $150+  |\n| High severity bugs     | $300+  |\n| Critical severity bugs | $600+  |\n\nPlease note that these are just general guidelines, and actual rewards will be determined based on the severity and impact of the reported vulnerabilities.\n\nWe will process and reward bounties promptly after triage.\n\n# Scope\nThe following Hiro products and repositories are in scope for the bug bounty program:\n\n- **[Stacks Explorer](https://explorer.stacks.co/)**: Observability tool for the Stacks Blockchain. **[GitHub repository](https://github.com/hirosystems/)**\n- **[Hiro Platform](https://platform.hiro.so/)**: A web app that aims to bring all our tools under one DX. (Closed-source project)\n- **[Stacks Blockchain API](https://www.hiro.so/stacks-api)**: Stacks public REST API **[GitHub repository](https://github.com/hirosystems/stacks-blockchain-api)**\n- **[Chainhooks](https://github.com/hirosystems/chainhook)**: Indexing engine that helps developers extract on-chain data.\n- **[Clarinet](https://www.hiro.so/clarinet)**: CLI tool that facilitates writing, testing, integrating, and deploying Clarity smart contracts. **[GitHub repository](https://github.com/hirosystems/clarinet)**\n- **[Clarity VSCode Extension](https://marketplace.visualstudio.com/items?itemName=HiroSystems.clarity-lsp)**: Provides validation, syntax highlighting, code completion, and debugging for Clarity smart contracts. **[GitHub repository](https://github.com/hirosystems/vscode-extensions)**\n- **[Stacks.js](https://www.hiro.so/stacks-js)**: JavaScript SDK for apps on Stacks. 
**[GitHub repository](https://github.com/hirosystems/stacks.js)**\n- **[Stacks Subnets](https://github.com/hirosystems/stacks-subnets)**: Layer-2 scaling solution in the Stacks blockchain.\n- **[Ordinals Explorer](https://ordinals.hiro.so/)**: Observability tool for the Ordinals protocol. **[GitHub repository](https://github.com/hirosystems/ordinals-explorer)**\n- **[Ordinals API](https://github.com/hirosystems/ordinals-api)**: Ordinals REST API\n\n# Out of scope\n\nThe following items are considered out of scope for the Hiro bug bounty program:\n\n- **Stacks Blockchain**: For issues related to the Stacks blockchain, please report them through the [Stacks Blockchain Bounty Program](https://immunefi.com/bounty/stacks/).\n- **Ordinals Protocol**: The Hiro bug bounty program does not cover reports related to the Ordinals protocol.\n- **Bitcoin**: Reports related to the Bitcoin blockchain are also out of scope for the Hiro bug bounty program.\n- **[Stacks Wallet for desktop](https://www.hiro.so/wallet/install-desktop)**: (macOS, Windows, or Linux) **[GitHub repository](https://github.com/blockstack/stacks-wallet)**\n- **[Stacks Wallet for the web](https://www.hiro.so/wallet/install-web)**: (Chrome, Brave, or Firefox) **[GitHub repository](https://github.com/blockstack/stacks-wallet-web/)**\n\n# Disclosure Policy\n\nWe kindly request that you adhere to the following guidelines when participating in our program:\n\n- Upon discovering a potential security issue, please notify us as soon as possible, and after the investigation and thorough evaluation, we will make every effort to resolve the issue promptly.\n- Please provide us with a reasonable amount of time to investigate and address the issue before disclosing it to the public or any third party. 
Our team is available Monday to Friday and will make a best effort to meet the following SLAs for hackers participating in our program:\n    - **First Response:** 2 business days\n    - **Time to Triage:** 7 business days\n    - **Time to Resolution:** will depend on severity and complexity\n- Make a good faith effort to avoid privacy violations, data destruction, and interruption or degradation of our services. Only interact with accounts you own or with explicit permission from the account holder.\n- We request that you refrain from engaging in activities such as:\n    - Denial of service attacks\n    - Spamming\n    - Social engineering (including phishing) targeting Hiro PBC staff or contractors\n    - or any physical attempts against Hiro PBC property or data centers.\n\nThank you for your valuable contributions to maintaining the security of Hiro and our users. We greatly appreciate your efforts in helping us create a safe and reliable Stacks ecosystem.\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2023-08-31T17:20:33.297Z"},{"id":3689036,"new_policy":"At Hiro, we are dedicated to building developer tools for the Stacks blockchain, which enables apps and smart contracts on Bitcoin.\n\nEnsuring the safety and security of our products is of utmost importance to us. We highly value the contributions of external security researchers and appreciate their invaluable efforts in enhancing the security of the Stacks ecosystem.\n\nIf you have discovered a bug or vulnerability in any of our products, we encourage you to report it to us. We will work closely with you to investigate and resolve the issue promptly.\n\n# Rewards\n\nWe offer rewards based on the severity of the bugs you discover. 
The following table outlines the reward ranges for different bug severities:\n\n| Severity               | Reward |\n| ---------------------- | ------ |\n| Low severity bugs      | $50+   |\n| Medium severity bugs   | $150+  |\n| High severity bugs     | $300+  |\n| Critical severity bugs | $600+  |\n\nPlease note that these are just general guidelines, and actual rewards will be determined based on the severity and impact of the reported vulnerabilities.\n\nWe will process and reward bounties promptly after triage.\n\n# Scope\nThe following Hiro products and repositories are in scope for the bug bounty program:\n\n- **[Stacks Explorer](https://explorer.stacks.co/)**: Observability tool for the Stacks Blockchain. **[GitHub repository](https://github.com/hirosystems/)**\n- **[Hiro Platform](https://platform.hiro.so/)**: A web app that aims to bring all our tools under one DX. (Closed-source project)\n- **[Stacks Blockchain API](https://www.hiro.so/stacks-api)**: Stacks public REST API **[GitHub repository](https://github.com/hirosystems/stacks-blockchain-api)**\n- **[Chainhooks](https://github.com/hirosystems/chainhook)**: Indexing engine that helps developers extract on-chain data.\n- **[Clarinet](https://www.hiro.so/clarinet)**: CLI tool that facilitates writing, testing, integrating, and deploying Clarity smart contracts. **[GitHub repository](https://github.com/hirosystems/clarinet)**\n- **[Clarity VSCode Extension](https://marketplace.visualstudio.com/items?itemName=HiroSystems.clarity-lsp)**: Provides validation, syntax highlighting, code completion, and debugging for Clarity smart contracts. **[GitHub repository](https://github.com/hirosystems/vscode-extensions)**\n- **[Stacks.js](https://www.hiro.so/stacks-js)**: JavaScript SDK for apps on Stacks. 
**[GitHub repository](https://github.com/hirosystems/stacks.js)**\n- **[Stacks Subnets](https://github.com/hirosystems/stacks-subnets)**: Layer-2 scaling solution in the Stacks blockchain.\n- **[Ordinals Explorer](https://ordinals.hiro.so/)**: Observability tool for the Ordinals protocol. **[GitHub repository](https://github.com/hirosystems/ordinals-explorer)**\n- **[Ordinals API](https://github.com/hirosystems/ordinals-api)**: Ordinals REST API\n- **[Stacks Wallet for desktop](https://www.hiro.so/wallet/install-desktop)**: (macOS, Windows, or Linux) **[GitHub repository](https://github.com/blockstack/stacks-wallet)**\n- **[Stacks Wallet for the web](https://www.hiro.so/wallet/install-web)**: (Chrome, Brave, or Firefox) **[GitHub repository](https://github.com/blockstack/stacks-wallet-web/)**\n\n# Out of scope\n\nThe following items are considered out of scope for the Hiro bug bounty program:\n\n- **Stacks Blockchain**: For issues related to the Stacks blockchain, please report them through the [Stacks Blockchain Bounty Program](https://immunefi.com/bounty/stacks/).\n- **Ordinals Protocol**: The Hiro bug bounty program does not cover reports related to the Ordinals protocol.\n- **Bitcoin**: Reports related to the Bitcoin blockchain are also out of scope for the Hiro bug bounty program.\n\n# Disclosure Policy\n\nWe kindly request that you adhere to the following guidelines when participating in our program:\n\n- Upon discovering a potential security issue, please notify us as soon as possible, and after the investigation and thorough evaluation, we will make every effort to resolve the issue promptly.\n- Please provide us with a reasonable amount of time to investigate and address the issue before disclosing it to the public or any third party. 
Our team is available Monday to Friday and will make a best effort to meet the following SLAs for hackers participating in our program:\n    - **First Response:** 2 business days\n    - **Time to Triage:** 7 business days\n    - **Time to Resolution:** will depend on severity and complexity\n- Make a good faith effort to avoid privacy violations, data destruction, and interruption or degradation of our services. Only interact with accounts you own or with explicit permission from the account holder.\n- We request that you refrain from engaging in activities such as:\n    - Denial of service attacks\n    - Spamming\n    - Social engineering (including phishing) targeting Hiro PBC staff or contractors\n    - or any physical attempts against Hiro PBC property or data centers.\n\nThank you for your valuable contributions to maintaining the security of Hiro and our users. We greatly appreciate your efforts in helping us create a safe and reliable Stacks ecosystem.\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2023-06-07T19:24:05.695Z"},{"id":3672615,"new_policy":"At Hiro PBC we build developer tools for the Stacks blockchain, which enables apps and smart contracts on Bitcoin. \n\nKeeping our users' assets safe and secure is a top priority. We welcome the contribution of external security researchers and look forward to awarding them for their invaluable contribution to the security of the Stacks ecosystem.\n\nWe provide a desktop cryptocurrency wallet called [Stacks Wallet](https://www.hiro.so/wallet/install-desktop) so our developers, users, and investors alike can manage their STX tokens. 
We need your help securing over $1 billion in market capitalization through the protection of this product.\n\nIf you've found a bug in the Stacks Wallet for desktop, please notify us and we'll work with you to resolve this issue as soon as possible.\n\n**Important note:** HackerOne bounties are not available for other products or libraries provided by Hiro PBC at this time.\n\nThanks for being a part of the Stacks community.\n\n# Rewards\n\n| Severity               | Reward |\n| ---------------------- | ------ |\n| Low severity bugs      | $50+   |\n| Medium severity bugs   | $150+  |\n| High severity bugs     | $300+  |\n| Critical severity bugs | $600+  |\n\nIn general, we strive to reward a bounty after triage.\n\n# Scope\n\n- [Stacks Wallet for desktop](https://www.hiro.so/wallet/install-desktop) (macOS, Windows, or Linux) [GitHub repository](https://github.com/blockstack/stacks-wallet)\n- [Stacks Wallet for the web](https://www.hiro.so/wallet/install-web) (Chrome, Brave, or Firefox) [GitHub repository](https://github.com/blockstack/stacks-wallet-web/)\n- [Stacks Explorer](https://explorer.stacks.co/) [GitHub repository](https://github.com/hirosystems/explorer/)\n\n# Out of scope\n\nAnything else provided by Hiro PBC is out of scope and not eligible for rewards at this time.\n\nFor blockchain-related issues, please report them here:\n- [Stacks Blockchain program](https://immunefi.com/bounty/stacks/)\n\n# Disclosure Policy\n\n- Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\n- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third party.\n- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. 
Only interact with accounts you own or with explicit permission of the account holder.\n\n# Exclusions\n\nWhile researching, we'd like to ask you to refrain from:\n\n- Denial of service\n- Spamming\n- Social engineering (including phishing) of Hiro PBC staff or contractors\n- Any physical attempts against Hiro PBC property or data centers\n\nThank you for helping keep Hiro and our users safe!\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2022-06-10T14:21:08.896Z"},{"id":3671835,"new_policy":"At Hiro PBC we build developer tools for the Stacks blockchain, which enables apps and smart contracts on Bitcoin. \n\nKeeping our users' assets safe and secure is a top priority. We welcome the contribution of external security researchers and look forward to awarding them for their invaluable contribution to the security of the Stacks ecosystem.\n\nWe provide a desktop cryptocurrency wallet called [Stacks Wallet](https://www.hiro.so/wallet/install-desktop) so our developers, users, and investors alike can manage their STX tokens. 
We need your help securing over $1 billion in market capitalization through the protection of this product.\n\nIf you've found a bug in the Stacks Wallet for desktop, please notify us and we'll work with you to resolve this issue as soon as possible.\n\n**Important note:** HackerOne bounties are not available for other products or libraries provided by Hiro PBC at this time.\n\nThanks for being a part of the Stacks community.\n\n# Rewards\n\n| Severity               | Reward |\n| ---------------------- | ------ |\n| Low severity bugs      | $50+   |\n| Medium severity bugs   | $150+  |\n| High severity bugs     | $300+  |\n| Critical severity bugs | $600+  |\n\nIn general, we strive to reward a bounty after triage.\n\n# Scope\n\n- [Stacks Wallet for desktop](https://www.hiro.so/wallet/install-desktop) (macOS, Windows, or Linux) [GitHub repository](https://github.com/blockstack/stacks-wallet)\n- [Stacks Wallet for the web](https://www.hiro.so/wallet/install-web) (Chrome, Brave, or Firefox) [GitHub repository](https://github.com/blockstack/stacks-wallet-web/)\n\n# Out of scope\n\nAnything else provided by Hiro PBC is out of scope and not eligible for rewards at this time.\n\nFor blockchain-related issues, please report them here:\n- [Stacks Blockchain program](https://immunefi.com/bounty/stacks/)\n\n# Disclosure Policy\n\n- Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\n- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third party.\n- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. 
Only interact with accounts you own or with explicit permission of the account holder.\n\n# Exclusions\n\nWhile researching, we'd like to ask you to refrain from:\n\n- Denial of service\n- Spamming\n- Social engineering (including phishing) of Hiro PBC staff or contractors\n- Any physical attempts against Hiro PBC property or data centers\n\nThank you for helping keep Hiro and our users safe!\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2022-05-23T11:28:40.886Z"},{"id":3660807,"new_policy":"At Hiro PBC we build developer tools for the Stacks blockchain, which enables apps and smart contracts on Bitcoin. \n\nKeeping our users' assets safe and secure is a top priority. We welcome the contribution of external security researchers and look forward to awarding them for their invaluable contribution to the security of the Stacks ecosystem.\n\nWe provide a desktop cryptocurrency wallet called [Stacks Wallet](https://www.hiro.so/wallet/install-desktop) so our developers, users, and investors alike can manage their STX tokens. 
We need your help securing over $1 billion in market capitalization through the protection of this product.\n\nIf you've found a bug in the Stacks Wallet for desktop, please notify us and we'll work with you to resolve this issue as soon as possible.\n\n**Important note:** HackerOne bounties are not available for other products or libraries provided by Hiro PBC at this time.\n\nThanks for being a part of the Stacks community.\n\n# Rewards\n\n| Severity               | Reward |\n| ---------------------- | ------ |\n| Low severity bugs      | $50+   |\n| Medium severity bugs   | $150+  |\n| High severity bugs     | $300+  |\n| Critical severity bugs | $600+  |\n\nIn general, we strive to reward a bounty after triage.\n\n# Scope\n\n- [Stacks Wallet for desktop](https://www.hiro.so/wallet/install-desktop) (macOS, Windows, or Linux) [GitHub repository](https://github.com/blockstack/stacks-wallet)\n- [Stacks Wallet for the web](https://www.hiro.so/wallet/install-web) (Chrome, Brave, or Firefox) [GitHub repository](https://github.com/blockstack/stacks-wallet-web/)\n- [Stacks Blockchain](https://github.com/blockstack/stacks-blockchain)\n\n# Out of scope\n\nAnything else provided by Hiro PBC is out of scope and not eligible for rewards at this time.\n\n# Disclosure Policy\n\n- Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\n- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third party.\n- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. 
Only interact with accounts you own or with explicit permission of the account holder.\n\n# Exclusions\n\nWhile researching, we'd like to ask you to refrain from:\n\n- Denial of service\n- Spamming\n- Social engineering (including phishing) of Hiro PBC staff or contractors\n- Any physical attempts against Hiro PBC property or data centers\n\nThank you for helping keep Hiro and our users safe!\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2021-10-29T17:53:52.549Z"},{"id":3654118,"new_policy":"At Hiro PBC we build developer tools for the Stacks blockchain, which enables apps and smart contracts on Bitcoin. \n\nKeeping our users' assets safe and secure is a top priority. We welcome the contribution of external security researchers and look forward to awarding them for their invaluable contribution to the security of the Stacks ecosystem.\n\nWe provide a desktop cryptocurrency wallet called [Stacks Wallet](https://www.hiro.so/wallet/install-desktop) so our developers, users, and investors alike can manage their STX tokens. 
We need your help securing over $1 billion in market capitalization through the protection of this product.\n\nIf you've found a bug in the Stacks Wallet for desktop, please notify us and we'll work with you to resolve this issue as soon as possible.\n\n**Important note:** HackerOne bounties are not available for other products or libraries provided by Hiro PBC at this time.\n\nThanks for being a part of the Stacks community.\n\n# Rewards\n\n| Severity               | Reward |\n| ---------------------- | ------ |\n| Very low severity bugs | $25+   |\n| Low severity bugs      | $50+   |\n| Medium severity bugs   | $150+  |\n| High severity bugs     | $300+  |\n| Critical severity bugs | $600+  |\n\nIn general, we strive to reward a bounty after triage.\n\n# Scope\n\n- [Stacks Wallet for desktop](https://www.hiro.so/wallet/install-desktop) (macOS, Windows, or Linux) [GitHub repository](https://github.com/blockstack/stacks-wallet)\n- [Stacks Wallet for the web](https://www.hiro.so/wallet/install-web) (Chrome, Brave, or Firefox) [GitHub repository](https://github.com/blockstack/stacks-wallet-web/)\n- [Stacks Blockchain](https://github.com/blockstack/stacks-blockchain)\n\n# Out of scope\n\nAnything else provided by Hiro PBC is out of scope and not eligible for rewards at this time.\n\n# Disclosure Policy\n\n- Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\n- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third party.\n- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. 
Only interact with accounts you own or with explicit permission of the account holder.\n\n# Exclusions\n\nWhile researching, we'd like to ask you to refrain from:\n\n- Denial of service\n- Spamming\n- Social engineering (including phishing) of Hiro PBC staff or contractors\n- Any physical attempts against Hiro PBC property or data centers\n\nThank you for helping keep Hiro and our users safe!\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2021-06-30T12:59:14.735Z"},{"id":3654117,"new_policy":"At Hiro PBC we build developer tools for the Stacks blockchain, which enables apps and smart contracts on Bitcoin. \n\nKeeping our users' assets safe and secure is a top priority. We welcome the contribution of external security researchers and look forward to awarding them for their invaluable contribution to the security of the Stacks ecosystem.\n\nWe provide a desktop cryptocurrency wallet called [Stacks Wallet](https://www.hiro.so/wallet/install-desktop) so our developers, users, and investors alike can manage their STX tokens. 
We need your help securing over $1 billion in market capitalization through the protection of this product.\n\nIf you've found a bug in the Stacks Wallet for desktop, please notify us and we'll work with you to resolve this issue as soon as possible.\n\n**Important note:** HackerOne bounties are not available for other products or libraries provided by Hiro PBC at this time.\n\nThanks for being a part of the Stacks community.\n\n# Rewards\n\n| Severity               | Reward |\n| ---------------------- | ------ |\n| Very low severity bugs | $25+   |\n| Low severity bugs      | $50+   |\n| Medium severity bugs   | $150+  |\n| High severity bugs     | $300+  |\n| Critical severity bugs | $600+  |\n\nIn general, we strive to reward a bounty after triage.\n\n# Scope\n\n- [Stacks Wallet for desktop](https://www.hiro.so/wallet/install-desktop) (macOS, Windows, or Linux) [GitHub repository](https://github.com/blockstack/stacks-wallet)\n- [Stacks Wallet for desktop](https://www.hiro.so/wallet/install-web) (Chrome, Brave, or Firefox) [GitHub repository](https://github.com/blockstack/stacks-wallet-web/)\n- [Stacks Blockchain](https://github.com/blockstack/stacks-blockchain)\n\n# Out of scope\n\nAnything else provided by Hiro PBC is out of scope and not eligible for rewards at this time.\n\n# Disclosure Policy\n\n- Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\n- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third party.\n- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. 
Only interact with accounts you own or with explicit permission of the account holder.\n\n# Exclusions\n\nWhile researching, we'd like to ask you to refrain from:\n\n- Denial of service\n- Spamming\n- Social engineering (including phishing) of Hiro PBC staff or contractors\n- Any physical attempts against Hiro PBC property or data centers\n\nThank you for helping keep Hiro and our users safe!\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2021-06-30T12:58:45.117Z"},{"id":3650986,"new_policy":"At Hiro PBC we build developer tools for the Stacks blockchain, which enables apps and smart contracts on Bitcoin. \n\nKeeping our users' assets safe and secure is a top priority. We welcome the contribution of external security researchers and look forward to awarding them for their invaluable contribution to the security of the Stacks ecosystem.\n\nWe provide a desktop cryptocurrency wallet called [Stacks Wallet](https://www.hiro.so/wallet/install-desktop) so our developers, users, and investors alike can manage their STX tokens. 
We need your help securing over $1 billion in market capitalization through the protection of this product.\n\nIf you've found a bug in the Stacks Wallet for desktop, please notify us and we'll work with you to resolve this issue as soon as possible.\n\n**Important note:** HackerOne bounties are not available for other products or libraries provided by Hiro PBC at this time.\n\nThanks for being a part of the Stacks community.\n\n# Rewards\n\n| Severity               | Reward |\n| ---------------------- | ------ |\n| Very low severity bugs | $25+   |\n| Low severity bugs      | $50+   |\n| Medium severity bugs   | $150+  |\n| High severity bugs     | $300+  |\n| Critical severity bugs | $600+  |\n\nIn general, we strive to reward a bounty after triage.\n\n# Scope\n\n- [Stacks Wallet for desktop](https://www.hiro.so/wallet/install-desktop) (macOS, Windows, or Linux) [GitHub repository](https://github.com/blockstack/stacks-wallet)\n- [Stacks Blockchain](https://github.com/blockstack/stacks-blockchain)\n\n# Out of scope\n\nAnything else provided by Hiro PBC is out of scope and not eligible for rewards at this time.\n\n# Disclosure Policy\n\n- Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\n- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.\n- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. 
Only interact with accounts you own or with explicit permission of the account holder.\n\n# Exclusions\n\nWhile researching, we'd like to ask you to refrain from:\n\n- Denial of service\n- Spamming\n- Social engineering (including phishing) of Hiro PBC staff or contractors\n- Any physical attempts against Hiro PBC property or data centers\n\nThank you for helping keep Hiro and our users safe!\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2021-04-09T14:24:07.385Z"},{"id":3649947,"new_policy":"At Hiro PBC we build developer tools for the Stacks blockchain, which enables apps and smart contracts on Bitcoin. \n\nKeeping our users' assets safe and secure is a top priority. We welcome the contribution of external security researchers and look forward to awarding them for their invaluable contribution to the security of the Stacks ecosystem.\n\nWe provide a desktop cryptocurrency wallet called [Stacks Wallet](https://www.hiro.so/wallet/install-desktop) so our developers, users, and investors alike can manage their STX tokens. 
We need your help securing over $1 billion in market capitalization through the protection of this product.\n\nIf you've found a bug in the Stacks Wallet for desktop, please notify us and we'll work with you to resolve this issue as soon as possible.\n\n**Important note:** HackerOne bounties are not available for other products or libraries provided by Hiro PBC at this time.\n\nThanks for being a part of the Stacks community.\n\n# Rewards\n\n| Severity               | Reward |\n| ---------------------- | ------ |\n| Very low severity bugs | $25+   |\n| Low severity bugs      | $50+   |\n| Medium severity bugs   | $150+  |\n| High severity bugs     | $300+  |\n| Critical severity bugs | $600+  |\n\nIn general, we strive to reward a bounty after triage.\n\n# Scope\n\n- [Stacks Wallet for desktop](https://www.hiro.so/wallet/install-desktop) (macOS, Windows, or Linux) [GitHub repository](https://github.com/blockstack/stacks-wallet)\n\n# Out of scope\n\nAnything else provided by Hiro PBC is out of scope and not eligible for rewards at this time.\n\n# Disclosure Policy\n\n- Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\n- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.\n- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. 
Only interact with accounts you own or with explicit permission of the account holder.\n\n# Exclusions\n\nWhile researching, we'd like to ask you to refrain from:\n\n- Denial of service\n- Spamming\n- Social engineering (including phishing) of Hiro PBC staff or contractors\n- Any physical attempts against Hiro PBC property or data centers\n\nThank you for helping keep Hiro and our users safe!\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2021-03-16T15:54:48.437Z"},{"id":3625644,"new_policy":"# Welcome\n\nBlockstack is building a new decentralized internet where users own their data and apps run without remote servers.\n\nWe're rethinking DNS, identity, authentication, and application infrastructure and working to make the internet a better place.\n\nThat said, we can't get there without the dedicated work of skilled security researchers like yourself.\n\nWe want your help and together we can make the internet safer and more free.\n\nIf you've found a bug in our products or supporting libraries, please notify us and we'll work with you to resolve this issue as soon as possible.\n\nThanks for being a part of the Blockstack community.\n\n# Rewards\n\n| Severity | Reward |\n|------------------------|-------|\n| Very low severity bugs | $25+ |\n| Low severity bugs | $50+ |\n| Medium severity bugs | $150+ |\n| High severity bugs | $300+ |\n| Critical severity bugs | $600+ |\n\nIn general, we strive to reward a bounty after triage.\n\n# Scope\n\nMain projects:\n\n* [Blockstack Core](https://github.com/blockstack/blockstack-core) - the `blockstack_registrar` folder is deprecated code and is out of review scope.  
\n* [Blockstack Browser](https://github.com/blockstack/blockstack-browser) - the Blockstack browser uses a client-side authentication scheme; this means that user sessions are not related across multiple devices, and \"signing out\" of one device will not affect others. Reports related to this behavior will not be accepted.\n\nSupporting Python libraries:\n\n* [Virtualchain](https://github.com/blockstack/blockstack-virtualchain)\n* [Keylib](https://github.com/blockstack/keylib-py)\n* [jsontokens-py](https://github.com/blockstack/jsontokens-py)\n\nSupporting JavaScript libraries:\n\n* [blockstack.js](https://github.com/blockstack/blockstack.js)\n* [jsontokens-js](https://github.com/blockstack/jsontokens-js)\n\nThe main Blockstack website:\n\n* [The Blockstack Website](blockstack.org)\n\n# Out of Scope\n\n* [Blockstack Community Rewards Program](contribute.blockstack.org)\n* Other website subdomains of blockstack.org (e.g., vote.blockstack.org)\n* Error pages of Blockstack websites which may reflect the page not-found (i.e., \"404 responses\"). \n* Issues related to arbitrary data uploads in the Gaia protocol. This protocol is a decentralized and user-controlled file storage protocol. It allows arbitrary file uploads by design.\n* Issues already filed in public GitHub issues. We may move an issue from HackerOne over to our public GitHub repositories, and in doing so, mark the HackerOne issue resolved so that we can disclose it. However, as long as the issue remains open on GitHub, we will not accept new reports for that same issue.\n\n# Disclosure Policy\n* Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\n* Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.\n* Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. 
Only interact with accounts you own or with explicit permission of the account holder.\n\n# Exclusions\nWhile researching, we'd like to ask you to refrain from:\n* Denial of service\n* Spamming\n* Social engineering (including phishing) of Blockstack staff or contractors\n* Any physical attempts against Blockstack property or data centers\n\nThank you for helping keep Blockstack and our users safe!\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2019-12-09T14:52:30.401Z"},{"id":3618537,"new_policy":"# Welcome\n\nBlockstack is building a new decentralized internet where users own their data and apps run without remote servers.\n\nWe're rethinking DNS, identity, authentication, and application infrastructure and working to make the internet a better place.\n\nThat said, we can't get there without the dedicated work of skilled security researchers like yourself.\n\nWe want your help and together we can make the internet safer and more free.\n\nIf you've found a bug in our products or supporting libraries, please notify us and we'll work with you to resolve this issue as soon as possible.\n\nThanks for being a part of the Blockstack community.\n\n# Rewards\n\n| Severity | Reward |\n|------------------------|-------|\n| Very low severity bugs | $25+ |\n| Low severity bugs | $50+ |\n| Medium severity bugs | $150+ |\n| High severity bugs | $300+ |\n| Critical severity bugs | $600+ |\n\nIn general, we strive to reward a bounty after triage.\n\n# Scope\n\nMain projects:\n\n* [Blockstack Core](https://github.com/blockstack/blockstack-core) - the `blockstack_registrar` folder is deprecated code and is out of review scope.  
\n* [Blockstack Browser](https://github.com/blockstack/blockstack-browser)\n\nSupporting Python libraries:\n\n* [Virtualchain](https://github.com/blockstack/blockstack-virtualchain)\n* [Keylib](https://github.com/blockstack/keylib-py)\n* [jsontokens-py](https://github.com/blockstack/jsontokens-py)\n\nSupporting JavaScript libraries:\n\n* [blockstack.js](https://github.com/blockstack/blockstack.js)\n* [jsontokens-js](https://github.com/blockstack/jsontokens-js)\n\nThe main Blockstack website:\n\n* [The Blockstack Website](blockstack.org)\n\n# Out of Scope\n\n* [Blockstack Community Rewards Program](contribute.blockstack.org)\n* Other website subdomains of blockstack.org (e.g., vote.blockstack.org)\n* Error pages of Blockstack websites which may reflect the page not-found (i.e., \"404 responses\"). \n* Issues related to arbitrary data uploads in the Gaia protocol. This protocol is a decentralized and user-controlled file storage protocol. It allows arbitrary file uploads by design.\n* Issues already filed in public GitHub issues. We may move an issue from HackerOne over to our public GitHub repositories, and in doing so, mark the HackerOne issue resolved so that we can disclose it. However, as long as the issue remains open on GitHub, we will not accept new reports for that same issue.\n\n# Disclosure Policy\n* Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\n* Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.\n* Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. 
Only interact with accounts you own or with explicit permission of the account holder.\n\n# Exclusions\nWhile researching, we'd like to ask you to refrain from:\n* Denial of service\n* Spamming\n* Social engineering (including phishing) of Blockstack staff or contractors\n* Any physical attempts against Blockstack property or data centers\n\nThank you for helping keep Blockstack and our users safe!\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2019-09-09T16:52:18.186Z"},{"id":3590891,"new_policy":"# Welcome\n\nBlockstack is building a new decentralized internet where users own their data and apps run without remote servers.\n\nWe're rethinking DNS, identity, authentication, and application infrastructure and working to make the internet a better place.\n\nThat said, we can't get there without the dedicated work of skilled security researchers like yourself.\n\nWe want your help and together we can make the internet safer and more free.\n\nIf you've found a bug in our products or supporting libraries, please notify us and we'll work with you to resolve this issue as soon as possible.\n\nThanks for being a part of the Blockstack community.\n\n# Rewards\n\n| Severity | Reward |\n|------------------------|-------|\n| Very low severity bugs | $25+ |\n| Low severity bugs | $50+ |\n| Medium severity bugs | $150+ |\n| High severity bugs | $300+ |\n| Critical severity bugs | $600+ |\n\nIn general, we strive to reward a bounty after triage.\n\n# Scope\n\nMain projects:\n\n* [Blockstack Core](https://github.com/blockstack/blockstack-core) - the `blockstack_registrar` folder is deprecated code and is out of review scope.  
\n* [Blockstack Portal](https://github.com/blockstack/blockstack-portal)\n\nSupporting Python libraries:\n\n* [Virtualchain](https://github.com/blockstack/blockstack-virtualchain)\n* [Keylib](https://github.com/blockstack/keylib-py)\n* [jsontokens-py](https://github.com/blockstack/jsontokens-py)\n\nSupporting JavaScript libraries:\n\n* [blockstack.js](https://github.com/blockstack/blockstack.js)\n* [jsontokens-js](https://github.com/blockstack/jsontokens-js)\n\nSupporting Ruby libraries:\n\n* [Blockstack Ruby](https://github.com/blockstack/blockstack-ruby)\n\nThe main Blockstack website:\n\n* [The Blockstack Website](blockstack.org)\n\n# Out of Scope\n\n* [Blockstack Community Rewards Program](contribute.blockstack.org)\n* Other website subdomains of blockstack.org (e.g., vote.blockstack.org)\n* Error pages of Blockstack websites which may reflect the page not-found (i.e., \"404 responses\"). \n\n# Disclosure Policy\n* Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\n* Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.\n* Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. 
Only interact with accounts you own or with explicit permission of the account holder.\n\n# Exclusions\nWhile researching, we'd like to ask you to refrain from:\n* Denial of service\n* Spamming\n* Social engineering (including phishing) of Blockstack staff or contractors\n* Any physical attempts against Blockstack property or data centers\n\nThank you for helping keep Blockstack and our users safe!\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2018-10-08T16:48:59.488Z"},{"id":3584881,"new_policy":"# Welcome\n\nBlockstack is building a new decentralized internet where users own their data and apps run without remote servers.\n\nWe're rethinking DNS, identity, authentication, and application infrastructure and working to make the internet a better place.\n\nThat said, we can't get there without the dedicated work of skilled security researchers like yourself.\n\nWe want your help and together we can make the internet safer and more free.\n\nIf you've found a bug in our products or supporting libraries, please notify us and we'll work with you to resolve this issue as soon as possible.\n\nThanks for being a part of the Blockstack community.\n\n# Rewards\n\n| Severity | Reward |\n|------------------------|-------|\n| Very low severity bugs | $25+ |\n| Low severity bugs | $50+ |\n| Medium severity bugs | $150+ |\n| High severity bugs | $300+ |\n| Critical severity bugs | $600+ |\n\nIn general, we strive to reward a bounty after triage.\n\n# Scope\n\nMain projects:\n\n* [Blockstack Core](https://github.com/blockstack/blockstack-core) - the `blockstack_registrar` folder is deprecated code and is out of review scope.  
\n* [Blockstack Portal](https://github.com/blockstack/blockstack-portal)\n\nSupporting Python libraries:\n\n* [Virtualchain](https://github.com/blockstack/blockstack-virtualchain)\n* [Keylib](https://github.com/blockstack/keylib-py)\n* [jsontokens-py](https://github.com/blockstack/jsontokens-py)\n\nSupporting JavaScript libraries:\n\n* [blockstack.js](https://github.com/blockstack/blockstack.js)\n* [jsontokens-js](https://github.com/blockstack/jsontokens-js)\n\nSupporting Ruby libraries:\n\n* [Blockstack Ruby](https://github.com/blockstack/blockstack-ruby)\n\nThe main Blockstack website:\n\n* [The Blockstack Website](blockstack.org)\n\n# Out of Scope\n\n* [Blockstack Community Rewards Program](contribute.blockstack.org)\n* Error pages of Blockstack websites which may reflect the page not-found (i.e., \"404 responses\"). \n\n# Disclosure Policy\n* Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\n* Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.\n* Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. 
Only interact with accounts you own or with explicit permission of the account holder.\n\n# Exclusions\nWhile researching, we'd like to ask you to refrain from:\n* Denial of service\n* Spamming\n* Social engineering (including phishing) of Blockstack staff or contractors\n* Any physical attempts against Blockstack property or data centers\n\nThank you for helping keep Blockstack and our users safe!\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2018-08-06T15:35:30.633Z"},{"id":3583788,"new_policy":"# Welcome\n\nBlockstack is building a new decentralized internet where users own their data and apps run without remote servers.\n\nWe're rethinking DNS, identity, authentication, and application infrastructure and working to make the internet a better place.\n\nThat said, we can't get there without the dedicated work of skilled security researchers like yourself.\n\nWe want your help and together we can make the internet safer and more free.\n\nIf you've found a bug in our products or supporting libraries, please notify us and we'll work with you to resolve this issue as soon as possible.\n\nThanks for being a part of the Blockstack community.\n\n# Rewards\n\n| Severity | Reward |\n|------------------------|-------|\n| Very low severity bugs | $25+ |\n| Low severity bugs | $50+ |\n| Medium severity bugs | $150+ |\n| High severity bugs | $300+ |\n| Critical severity bugs | $600+ |\n\nIn general, we strive to reward a bounty after triage.\n\n# Scope\n\nMain projects:\n\n* [Blockstack Core](https://github.com/blockstack/blockstack-core) - the `blockstack_registrar` folder is deprecated code and is out of review scope.  
\n* [Blockstack Portal](https://github.com/blockstack/blockstack-portal)\n\nSupporting Python libraries:\n\n* [Virtualchain](https://github.com/blockstack/blockstack-virtualchain)\n* [Keylib](https://github.com/blockstack/keylib-py)\n* [jsontokens-py](https://github.com/blockstack/jsontokens-py)\n\nSupporting JavaScript libraries:\n\n* [blockstack.js](https://github.com/blockstack/blockstack.js)\n* [jsontokens-js](https://github.com/blockstack/jsontokens-js)\n\nSupporting Ruby libraries:\n\n* [Blockstack Ruby](https://github.com/blockstack/blockstack-ruby)\n\n# Out of Scope\n\n* [The Blockstack Website](blockstack.org)\n* [Blockstack Community Rewards Program](contribute.blockstack.org)\n* Error pages of Blockstack websites which may reflect the page not-found (i.e., \"404 responses\"). \n\n# Disclosure Policy\n* Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\n* Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.\n* Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. 
Only interact with accounts you own or with explicit permission of the account holder.\n\n# Exclusions\nWhile researching, we'd like to ask you to refrain from:\n* Denial of service\n* Spamming\n* Social engineering (including phishing) of Blockstack staff or contractors\n* Any physical attempts against Blockstack property or data centers\n\nThank you for helping keep Blockstack and our users safe!\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2018-07-26T19:47:25.213Z"},{"id":3568335,"new_policy":"# Welcome\n\nBlockstack is building a new decentralized internet where users own their data and apps run without remote servers.\n\nWe're rethinking DNS, identity, authentication, and application infrastructure and working to make the internet a better place.\n\nThat said, we can't get there without the dedicated work of skilled security researchers like yourself.\n\nWe want your help and together we can make the internet safer and more free.\n\nIf you've found a bug in our products or supporting libraries, please notify us and we'll work with you to resolve this issue as soon as possible.\n\nThanks for being a part of the Blockstack community.\n\n# Rewards\n\n| Severity | Reward |\n|------------------------|-------|\n| Very low severity bugs | $25+ |\n| Low severity bugs | $50+ |\n| Medium severity bugs | $150+ |\n| High severity bugs | $300+ |\n| Critical severity bugs | $600+ |\n\nIn general, we strive to reward a bounty after triage.\n\n# Scope\n\nMain projects:\n\n* [Blockstack Core](https://github.com/blockstack/blockstack-core) - the `blockstack_registrar` folder is deprecated code and is out of review scope.  
\n* [Blockstack Portal](https://github.com/blockstack/blockstack-portal)\n\nSupporting Python libraries:\n\n* [Virtualchain](https://github.com/blockstack/blockstack-virtualchain)\n* [Keylib](https://github.com/blockstack/keylib-py)\n* [jsontokens-py](https://github.com/blockstack/jsontokens-py)\n\nSupporting JavaScript libraries:\n\n* [blockstack.js](https://github.com/blockstack/blockstack.js)\n* [jsontokens-js](https://github.com/blockstack/jsontokens-js)\n\nSupporting Ruby libraries:\n\n* [Blockstack Ruby](https://github.com/blockstack/blockstack-ruby)\n\n# Out of Scope\n\n* [The Blockstack Website](blockstack.org)\n* Error pages of Blockstack websites which may reflect the page not-found (i.e., \"404 responses\"). \n\n# Disclosure Policy\n* Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\n* Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.\n* Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. 
Only interact with accounts you own or with explicit permission of the account holder.\n\n# Exclusions\nWhile researching, we'd like to ask you to refrain from:\n* Denial of service\n* Spamming\n* Social engineering (including phishing) of Blockstack staff or contractors\n* Any physical attempts against Blockstack property or data centers\n\nThank you for helping keep Blockstack and our users safe!\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2018-02-05T14:47:38.793Z"},{"id":3567940,"new_policy":"# Welcome\n\nBlockstack is building a new decentralized internet where users own their data and apps run without remote servers.\n\nWe're rethinking DNS, identity, authentication, and application infrastructure and working to make the internet a better place.\n\nThat said, we can't get there without the dedicated work of skilled security researchers like yourself.\n\nWe want your help and together we can make the internet safer and more free.\n\nIf you've found a bug in our products or supporting libraries, please notify us and we'll work with you to resolve this issue as soon as possible.\n\nThanks for being a part of the Blockstack community.\n\n# Rewards\n\n| Severity | Reward |\n|------------------------|-------|\n| Very low severity bugs | $25+ |\n| Low severity bugs | $50+ |\n| Medium severity bugs | $150+ |\n| High severity bugs | $300+ |\n| Critical severity bugs | $600+ |\n\n# Scope\n\nMain projects:\n\n* [Blockstack Core](https://github.com/blockstack/blockstack-core) - the `blockstack_registrar` folder is deprecated code and is out of review scope.  
\n* [Blockstack Portal](https://github.com/blockstack/blockstack-portal)\n\nSupporting Python libraries:\n\n* [Virtualchain](https://github.com/blockstack/blockstack-virtualchain)\n* [Keylib](https://github.com/blockstack/keylib-py)\n* [jsontokens-py](https://github.com/blockstack/jsontokens-py)\n\nSupporting JavaScript libraries:\n\n* [blockstack.js](https://github.com/blockstack/blockstack.js)\n* [jsontokens-js](https://github.com/blockstack/jsontokens-js)\n\nSupporting Ruby libraries:\n\n* [Blockstack Ruby](https://github.com/blockstack/blockstack-ruby)\n\n# Out of Scope\n\n* [The Blockstack Website](blockstack.org)\n* Error pages of Blockstack websites which may reflect the page not-found (i.e., \"404 responses\"). \n\n# Disclosure Policy\n* Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\n* Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.\n* Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. 
Only interact with accounts you own or with explicit permission of the account holder.\n\n# Exclusions\nWhile researching, we'd like to ask you to refrain from:\n* Denial of service\n* Spamming\n* Social engineering (including phishing) of Blockstack staff or contractors\n* Any physical attempts against Blockstack property or data centers\n\nThank you for helping keep Blockstack and our users safe!\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2018-01-31T16:30:52.920Z"},{"id":3560419,"new_policy":"# Welcome\n\nBlockstack is building a new decentralized internet where users own their data and apps run without remote servers.\n\nWe're rethinking DNS, identity, authentication, and application infrastructure and working to make the internet a better place.\n\nThat said, we can't get there without the dedicated work of skilled security researchers like yourself.\n\nWe want your help and together we can make the internet safer and more free.\n\nIf you've found a bug in our products or supporting libraries, please notify us and we'll work with you to resolve this issue as soon as possible.\n\nThanks for being a part of the Blockstack community.\n\n# Rewards\n\n| Severity | Reward |\n|------------------------|-------|\n| Very low severity bugs | $25+ |\n| Low severity bugs | $50+ |\n| Medium severity bugs | $150+ |\n| High severity bugs | $300+ |\n| Critical severity bugs | $600+ |\n\n# Scope\n\nMain projects:\n\n* [Blockstack Core](https://github.com/blockstack/blockstack-core) - the `blockstack_registrar` folder is deprecated code and is out of review scope.  
\n* [Blockstack Portal](https://github.com/blockstack/blockstack-portal)\n\nSupporting Python libraries:\n\n* [Virtualchain](https://github.com/blockstack/blockstack-virtualchain)\n* [Keylib](https://github.com/blockstack/keylib-py)\n* [jsontokens-py](https://github.com/blockstack/jsontokens-py)\n\nSupporting JavaScript libraries:\n\n* [blockstack.js](https://github.com/blockstack/blockstack.js)\n* [jsontokens-js](https://github.com/blockstack/jsontokens-js)\n\nSupporting Ruby libraries:\n\n* [Blockstack Ruby](https://github.com/blockstack/blockstack-ruby)\n\n# Out of Scope\n\n* [The Blockstack Website](blockstack.org)\n\n# Disclosure Policy\n* Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\n* Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.\n* Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. 
Only interact with accounts you own or with explicit permission of the account holder.\n\n# Exclusions\nWhile researching, we'd like to ask you to refrain from:\n* Denial of service\n* Spamming\n* Social engineering (including phishing) of Blockstack staff or contractors\n* Any physical attempts against Blockstack property or data centers\n\nThank you for helping keep Blockstack and our users safe!\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2017-09-14T14:30:40.782Z"},{"id":3560300,"new_policy":"# Welcome\n\nBlockstack is building a new decentralized internet where users own their data and apps run without remote servers.\n\nWe're rethinking DNS, identity, authentication, and application infrastructure and working to make the internet a better place.\n\nThat said, we can't get there without the dedicated work of skilled security researchers like yourself.\n\nWe want your help and together we can make the internet safer and more free.\n\nIf you've found a bug in our products or supporting libraries, please notify us and we'll work with you to resolve this issue as soon as possible.\n\nThanks for being a part of the Blockstack community.\n\n# Rewards\n\n| Severity | Reward |\n|------------------------|-------|\n| Very low severity bugs | $25+ |\n| Low severity bugs | $50+ |\n| Medium severity bugs | $150+ |\n| High severity bugs | $300+ |\n| Critical severity bugs | $600+ |\n\n# Scope\n\nMain projects:\n\n* [Blockstack Core](https://github.com/blockstack/blockstack-core)\n* [Blockstack Portal](https://github.com/blockstack/blockstack-portal)\n\nSupporting Python libraries:\n\n* [Virtualchain](https://github.com/blockstack/blockstack-virtualchain)\n* [Keylib](https://github.com/blockstack/keylib-py)\n* 
[jsontokens-py](https://github.com/blockstack/jsontokens-py)\n\nSupporting JavaScript libraries:\n\n* [blockstack.js](https://github.com/blockstack/blockstack.js)\n* [jsontokens-js](https://github.com/blockstack/jsontokens-js)\n\nSupporting Ruby libraries:\n\n* [Blockstack Ruby](https://github.com/blockstack/blockstack-ruby)\n\n# Out of Scope\n\n* [The Blockstack Website](blockstack.org)\n\n# Disclosure Policy\n* Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.\n* Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.\n* Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.\n\n# Exclusions\nWhile researching, we'd like to ask you to refrain from:\n* Denial of service\n* Spamming\n* Social engineering (including phishing) of Blockstack staff or contractors\n* Any physical attempts against Blockstack property or data centers\n\nThank you for helping keep Blockstack and our users safe!\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2017-09-12T16:52:16.354Z"}]