Open lrettig opened 11 months ago
Initial version of this is now up at https://github.com/spacemeshos/go-spacemesh/blob/develop/SECURITY.md. I applied today for a community account at Hackerone, which we'll use to manage bounties.
Waiting to finalize information internally here on the size of the bounties. Have a call scheduled with HackerOne to discuss next steps.
Had the call with HackerOne. Still waiting on internal approval and budgeting.
Have a follow up call scheduled for tomorrow.
Self-explanatory. We need to specify reporting rules and requirements/terms and conditions, what's in and out of scope, SLA for response, and bounties.