Define a bug bounty program
@yegor256, similar to what one finds companies doing on https://www.hackerone.com/, I suggest we define a bug bounty program for both the Zold and the web wallets projects.
Here's more detail of what could be done:
- Define a document (or add to an existing one, like the README) clearly stating the rules (and template) for reporting a security vulnerability (Disclosure, Eligibility, Exclusions, ...);
- Define the value (in $ or ZLD currency) for the reward levels for each type of eligible vulnerability;
- Describe how rewards are processed and transferred to the vulnerability reporter;
- Suggestion: set this up on a platform already specialised for the matter (like https://hackerone.com).
Regarding the types of vulnerabilities applicable for a bug bounty program, here are a few noteworthy examples of policies:
- https://hackerone.com/rockstargames
- https://hackerone.com/gitlab
@yegor256/z please, pay attention to this issue
@filfreire/z this project will fix the problem faster if you donate a few dollars to it; just click here and pay via Stripe, it's very fast, convenient and appreciated; thanks a lot!