Open alessiodf opened 5 years ago
ghost
commented
5 years ago Thanks for opening this issue! A maintainer will review this in the next few days and explicitly select labels so you know what's going on.
If no reviewer appears after a week, a reminder will be sent out.
ItsANameToo
commented
5 years ago There are changes incoming to the bounty page that should address your concerns. Security and GitHub bounties will no longer be combined on one page, which gives us room to highlight both programs more. We'll look at including a leaderboard for security vulnerabilities too.
alessiodf
commented
5 years ago Thanks Mici
stale[bot]
commented
5 years ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
ghost
commented
5 years ago This issue has been closed. If you wish to re-open it please provide additional information.
ItsANameToo
commented
5 years ago Stop that
ghost
commented
5 years ago This issue has now been re-opened. If applicable please provide additional information as requested by one of the reviewers.
The "ARK Security, Development and Bug Bounty" page should account for security vulnerabilities that have been reported and include them in the totals in the leaderboard.
I understand the fact that the leaderboard standings are pulled from GitHub but the backend could be made to pull from a secondary internal list of closed security vulnerabilities, along with who reported them and the USD value of those reports in order to add them to the leaderboards and top earners list.
After all, the page is called "ARK Security, Development and Bug Bounty" so it isn't right in my opinion to exclude a big part of that. It could also incentivise other people to look for security issues if they see the bounty amounts already paid for the closed vulnerabilities and realise that they could potentially make the same themselves by getting involved too.