diff options
Diffstat (limited to 'doc/security-vulnerabilities.md')
-rw-r--r-- | doc/security-vulnerabilities.md | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/doc/security-vulnerabilities.md b/doc/security-vulnerabilities.md index 7948aa4a..915e7015 100644 --- a/doc/security-vulnerabilities.md +++ b/doc/security-vulnerabilities.md @@ -21,6 +21,21 @@ If someone publishes a security-sensitive issue (including creating a public issue), then it may be necessary to forego responsible disclosure, and publish a fix as soon as possible. +If you responsibly disclose a security vulnerability, you may be +eligible for a reward as part of our [bug bounty program]. The bug +bounty program is hosted by [YesWeHack], and sponsored by the +[Sovereign Tech Fund]’s [Bug Resilience Program]. *We prefer that you +report any issues directly to us* as described above to limit the +number of people who know about it. After we confirm that the +vulnerability is eligible for a reward, you will be paid out via the +YesWeHack platform; you do not need to report the vulnerability via +YesWeHack to be eligible. + + [bug bounty program]: https://yeswehack.com/programs/sequoia-pgp-bug-bounty-program + [YesWeHack]: https://yeswehack.com + [Sovereign Tech Fund]: https://www.sovereigntechfund.de/ + [Bug Resilience Program]: https://www.sovereigntechfund.de/programs/bug-resilience + # Resolution 1. Assess the impact of the issue: |