The following document describes various aspects of Backpack security. This will continue to evolve alongside our Beta program and nothing here is considered final. Please contact security@200ms.io for any questions, issues, or concerns. We appreciate any and all feedback.
At the time of writing, Backpack has not undergone any 3rd party security audits. However, Backpack is in the process of engaging 3rd party firms to conduct independent security reviews of Backpack. At any given time, multiple audit streams are likely in progress. However, as a matter of policy, we will not publish these reports publicly for the duration of the Beta program.
Due to financial constraints, Backpack does not currently have a paid bug bounty program. We expect this to change in the future, although do not guarantee it, in which case retrospective grants will be considered on a case by case basis. This does not apply to bugs reported during the Beta.