storacha · heyjay44 · Jan 24, 2025 · Jan 23, 2025 · Jan 23, 2025 · Jan 24, 2025
diff --git a/src/pages/docs/_meta.json b/src/pages/docs/_meta.json
@@ -9,6 +9,7 @@
   "faq": "FAQ",
   "privacy-policy": "Privacy Policy",
   "service-level-agreement": "Service level agreement",
+  "security-research-policy": "Security Research Policy",
   "terms": "Terms of service",
   "specs": {
     "newWindow": true,

diff --git a/src/pages/docs/security-research-policy.md b/src/pages/docs/security-research-policy.md
@@ -0,0 +1,21 @@
+# web3.storage Security Research Policy
+
+## Overview
+Our security research program is private and invitation-only. We do not accept unsolicited vulnerability reports or offer rewards for unrequested security research. 
+
+## Important Notice
+- All security testing must be pre-authorized in writing
+- Unauthorized security testing is prohibited
+- We do not provide bug bounties or rewards for unsolicited findings
+- Unauthorized testing may violate our Terms of Service and applicable laws
+
+## Reporting Security Issues
+1. Do not conduct any further testing
+2. Do not exploit the vulnerability
+3. Contact [email protected]
+4. Wait for explicit written authorization before any further action
+
+## Legal Notice
+Any unauthorized security testing, vulnerability scanning, or penetration testing of our systems is strictly prohibited and may result in legal action. We reserve all rights to pursue appropriate remedies against unauthorized security testing.
+
+Contact: [email protected]