spacemeshos / pm

Project management. Meta-tasks related to research, dev, and specs for the Spacemesh protocol and infrastructure.
http://spacemesh.io/
Creative Commons Zero v1.0 Universal

Bug bounty/responsible disclosure framework #235

Open lrettig opened 11 months ago

lrettig commented 11 months ago

Self-explanatory. We need to specify reporting rules and requirements/terms and conditions, what's in and out of scope, SLA for response, and bounties.

lrettig commented 11 months ago

Initial version of this is now up at https://github.com/spacemeshos/go-spacemesh/blob/develop/SECURITY.md. I applied today for a community account at HackerOne, which we'll use to manage bounties.

lrettig commented 11 months ago

Waiting to finalize information internally here on the size of the bounties. Have a call scheduled with HackerOne to discuss next steps.

lrettig commented 10 months ago

Had the call with HackerOne. Still waiting on internal approval and budgeting.

lrettig commented 10 months ago

Have a follow-up call scheduled for tomorrow.