Merge pull request #168 from anonimal/VRP

VRP: various additions to Preamble + points of contact
2024-12-22 11:39:22 +00:00 · 2018-01-26 14:24:15 -05:00 · 2018-01-26 14:24:15 -05:00 · 08cb805ffb
commit 08cb805ffb
parent ba54b38fe6 f01d36de29
1 changed files with 17 additions and 12 deletions
--- a/VULNERABILITY_RESPONSE_PROCESS.md
+++ b/VULNERABILITY_RESPONSE_PROCESS.md
@ -1,19 +1,24 @@
 # The Monero Project Vulnerability Response Process
-## Preamble
+## Preamble (Monero/Kovri)
-1. Researchers/Hackers: while you research/hack, we ask that you please refrain from committing the following:
+1. This Vulnerability Response Process and subsequent bounty reward apply to the following:
- Denial of Service / Active exploiting against the Monero/Kovri networks
+   - Code implementation as seen in the Monero Project GitHub repositories
- Social Engineering of Monero/Kovri Project staff or contractors
+   - Written research from the Monero Research Lab which dictates said code implementation
 - Any physical or electronic attempts against Monero/Kovri community property and/or data centers
-2. As a pro-privacy project we have volunteers running copies of the websites on hidden services on Tor and I2P, as well as on multiple public domains. **The live sites are NOT in the scope of this process; only the code is!**
+2. Researchers/Hackers: while you research/hack, we ask that you please refrain from committing the following:
   - Denial of Service / Active exploiting against the Monero/Kovri networks
   - Social Engineering of Monero/Kovri Project staff or contractors
   - Any physical or electronic attempts against Monero/Kovri community property and/or data centers
-3. While **Kovri** is in a pre-Alpha release state, HackerOne should not be used for disclosure. All **Kovri** issues should be directed to [GitHub](https://github.com/monero-project/kovri)
+3. As a pro-privacy project we have volunteers running copies of the websites on hidden services on Tor and I2P, as well as on multiple public domains. **The live sites are NOT in the scope of this process; only the code is!**
 4. Bounty will be released for all projects in Monero XMR only. For more information on how to use Monero, visit the [Monero website](https://getmonero.org)
-5. Bounty will not be available for **Kovri** until **Kovri Beta** is released
+## Preamble (Kovri)
 1. While Kovri is in a pre-Alpha release state, do not use HackerOne for disclosure. All Kovri issues MUST be directed to either [GitHub](https://github.com/monero-project/kovri) or Email
 2. Bounty will not be available for Kovri until **Kovri Beta** is released
 ## I. Points of contact for security issues
@ -21,17 +26,17 @@
 ```
 ric [at] getmonero.org
-BDA6 BD70 42B7 21C4 67A9  759D 7455 C5E3 C0CD CEB9
+PGP fingerprint = BDA6 BD70 42B7 21C4 67A9  759D 7455 C5E3 C0CD CEB9
 luigi1111 [at] getmonero.org
-8777 AB8F 778E E894 87A2  F8E7 F4AC A018 3641 E010
+PGP fingerprint = 8777 AB8F 778E E894 87A2  F8E7 F4AC A018 3641 E010
 ```
 ### Monero (CLI/GUI)
 ```
 moneromooo.monero [at] gmail.com
-48B0 8161 FBDA DFE3 93AD  FC3E 686F 0745 4D6C EFC3
+PGP fingerprint = 48B0 8161 FBDA DFE3 93AD  FC3E 686F 0745 4D6C EFC3
 ```
 ### Kovri (CLI/Website)
@ -39,7 +44,7 @@ moneromooo.monero [at] gmail.com
 ```
 anonimal [at] i2pmail.org
 anonimal [at] mail.i2p
-PGP key fingerprint = 1218 6272 CD48 E253 9E2D  D29B 66A7 6ECF 9144 09F1
+PGP fingerprint = 1218 6272 CD48 E253 9E2D  D29B 66A7 6ECF 9144 09F1
 ```
 ## II. Security response team