author | Neal H. Walfield <neal@sequoia-pgp.org> | 2024-04-17 10:45:27 +0200 |
---|---|---|
committer | Neal H. Walfield <neal@sequoia-pgp.org> | 2024-04-17 10:47:03 +0200 |
commit | 2f26db35d48086894eb7b33e6de8a1177cc12be5 (patch) | |
tree | 37aebef89dfa669beff126c10dff05330ad5928a /doc | |
parent | 83860faa021ad1bdc3ebb1a8b0deec651c0b5e46 (diff) |
doc: Mention the bug bounty program.
- Mention the bug bounty program in the security vulnerabilities
guide.
- Link to the security vulnerabilities guide from the main readme.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/security-vulnerabilities.md | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/doc/security-vulnerabilities.md b/doc/security-vulnerabilities.md index 7948aa4a..915e7015 100644 --- a/doc/security-vulnerabilities.md +++ b/doc/security-vulnerabilities.md @@ -21,6 +21,21 @@ If someone publishes a security-sensitive issue (including creating a public issue), then it may be necessary to forego responsible disclosure, and publish a fix as soon as possible. +If you responsibly disclose a security vulnerability, you may be +eligible for a reward as part of our [bug bounty program]. The bug +bounty program is hosted by [YesWeHack], and sponsored by the +[Sovereign Tech Fund]’s [Bug Resilience Program]. *We prefer that you +report any issues directly to us* as described above to limit the +number of people who know about it. After we confirm that the +vulnerability is eligible for a reward, you will be paid out via the +YesWeHack platform; you do not need to report the vulnerability via +YesWeHack to be eligible. + + [bug bounty program]: https://yeswehack.com/programs/sequoia-pgp-bug-bounty-program + [YesWeHack]: https://yeswehack.com + [Sovereign Tech Fund]: https://www.sovereigntechfund.de/ + [Bug Resilience Program]: https://www.sovereigntechfund.de/programs/bug-resilience + # Resolution 1. Assess the impact of the issue: |
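Review bot: The added paragraph says "you will be paid out via the YesWeHack platform" and then "you do not need to report the vulnerability via YesWeHack to be eligible", which leaves a reporter who disclosed directly without any stated way to claim the reward. Suggest adding one sentence on what happens after confirmation, for example whether the reporter has to register on YesWeHack or whether the maintainers will send instructions. The paragraph also does not say what makes a vulnerability eligible; a short pointer that scope and rules are on the linked [bug bounty program] page would cover that. Smaller points: "report any issues ... the number of people who know about it" mixes plural and singular ("know about them" would agree), and "[Sovereign Tech Fund]’s" uses a typographic apostrophe, which is worth checking against the quoting style used in the rest of the file.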