nami security bounty
As the first intelligent sensing solution that integrates privacy by design, we are always on the lookout for potential vulnerabilities.
We reward those who share critical issues with us, as it enables us to resolve them as quickly as possible.
The nami security bounty is only available for the latest versions of the nami app and nami hardware. Eligibility also requires that those reporting:
- are the first to report the issue to our nami security team
- provide a clear case of a vulnerability to be exploited
- do not disclose the issue to anyone else before we have released a report on the issue.
Optimizing your report
By offering security bounties, our goal is always protecting our end-customer. Therefore, reports need to clearly identify the supposed vulnerability. We also require reports with sufficient information to allow us to test the vulnerability ourselves.
Your vulnerability report must include
- A detailed description of the issue
- Guidance on the vulnerability that is sufficient for us to reproduce the issue.
nami is focused on issues that:
- Affect multiple platforms
- Affect the latest version of our app and hardware
- Relate to newly added features of our products
- Relate to sensitive components of our ecosystem.
For more complicated vulnerabilities
As well as a full report, for more complicated issues we will expect a ‘full chain’. The chain and report full report must contain:
- Compiled and source versions
- All steps necessary to execute the chain
- A sample non-destructive payload, where possible.
How to send reports
Reports must be sent by email to firstname.lastname@example.org. Ideally, emails should be encrypted with our security key. If required use Mail Drop for sending large files.