🔐 Security guidelines
Security is a priority at Status, and we'd like to thank you in advance for taking steps to secure your devices and online accounts.
Here you'll find helpful links to resources to protect yourself and the organisation from attackers.
In much the same way we've decentralised the organisation and applications, we've done the same for security.
It means the vast majority of the attack surface is you, the people that contribute. Furthermore, the controls and information a security specialist has in terms of making decisions and monitoring how things are run are constrained. It also means education takes a forward step in importance across the organisation, and personal responsibility for quality security practices becomes paramount. It is up to the people to understand potential threats, take preventative measures, and report any issues they come across to the security team to protect the organisation as a whole. – @petty
Ask for help
Above all else, never be afraid to ask for help, ask questions, or report security concerns. Until we have an official infrastructure for support tickets, drop by:
- #security for broader, public questions, or
- Drop an email to
All contributors with an onboarding process will have a security touchpoint with the security team during the first month of their onboarding.
Best practices checklists
Review & follow this checklist to make sure you are complying with our best practices.
Fancy giving your security a spring clean? Check out this crypto advent calendar with daily bite-sized security tips.
Phishing is the most common attack, arriving through Discord bots, Telegram messages, and email, amongst other channels. Take this phishing test to see how savvy you are when it comes to detecting phishing.
Check out this list of essential hardware. Core contributors can expense hardware security keys (YubiKeys), which should be used for GitHub, G Suite, and Bitwarden.
Here's Corey's Status Learn-Up session about hardware wallets and best practices.
Our password manager is Bitwarden. All organisational passwords should be kept and shared here. If you plan to store a Status-related password, or get access to platforms that require a username, password, or 2FA, then it should all be shared using Bitwarden.
You can request an invite in #people-ops. By signing up with the organisation, you get the premium features and can sign up with any email you like. That way, if you ever leave Status, you can take your password manager secrets with you, and you only lose access to Status-related items.
Learn more about Security @ Status at: