Merge pull request #168 from anonimal/VRP

VRP: various additions to Preamble + points of contact
This commit is contained in:
luigi1111 2018-01-26 14:24:15 -05:00 committed by GitHub
commit 08cb805ffb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -1,19 +1,24 @@
# The Monero Project Vulnerability Response Process
## Preamble
## Preamble (Monero/Kovri)
1. Researchers/Hackers: while you research/hack, we ask that you please refrain from committing the following:
1. This Vulnerability Response Process and subsequent bounty reward apply to the following:
- Code implementation as seen in the Monero Project GitHub repositories
- Written research from the Monero Research Lab which dictates said code implementation
2. Researchers/Hackers: while you research/hack, we ask that you please refrain from committing the following:
- Denial of Service / Active exploiting against the Monero/Kovri networks
- Social Engineering of Monero/Kovri Project staff or contractors
- Any physical or electronic attempts against Monero/Kovri community property and/or data centers
2. As a pro-privacy project we have volunteers running copies of the websites on hidden services on Tor and I2P, as well as on multiple public domains. **The live sites are NOT in the scope of this process; only the code is!**
3. While **Kovri** is in a pre-Alpha release state, HackerOne should not be used for disclosure. All **Kovri** issues should be directed to [GitHub](https://github.com/monero-project/kovri)
3. As a pro-privacy project we have volunteers running copies of the websites on hidden services on Tor and I2P, as well as on multiple public domains. **The live sites are NOT in the scope of this process; only the code is!**
4. Bounty will be released for all projects in Monero XMR only. For more information on how to use Monero, visit the [Monero website](https://getmonero.org)
5. Bounty will not be available for **Kovri** until **Kovri Beta** is released
## Preamble (Kovri)
1. While Kovri is in a pre-Alpha release state, do not use HackerOne for disclosure. All Kovri issues MUST be directed to either [GitHub](https://github.com/monero-project/kovri) or Email
2. Bounty will not be available for Kovri until **Kovri Beta** is released
## I. Points of contact for security issues
@ -21,17 +26,17 @@
```
ric [at] getmonero.org
BDA6 BD70 42B7 21C4 67A9 759D 7455 C5E3 C0CD CEB9
PGP fingerprint = BDA6 BD70 42B7 21C4 67A9 759D 7455 C5E3 C0CD CEB9
luigi1111 [at] getmonero.org
8777 AB8F 778E E894 87A2 F8E7 F4AC A018 3641 E010
PGP fingerprint = 8777 AB8F 778E E894 87A2 F8E7 F4AC A018 3641 E010
```
### Monero (CLI/GUI)
```
moneromooo.monero [at] gmail.com
48B0 8161 FBDA DFE3 93AD FC3E 686F 0745 4D6C EFC3
PGP fingerprint = 48B0 8161 FBDA DFE3 93AD FC3E 686F 0745 4D6C EFC3
```
### Kovri (CLI/Website)
@ -39,7 +44,7 @@ moneromooo.monero [at] gmail.com
```
anonimal [at] i2pmail.org
anonimal [at] mail.i2p
PGP key fingerprint = 1218 6272 CD48 E253 9E2D D29B 66A7 6ECF 9144 09F1
PGP fingerprint = 1218 6272 CD48 E253 9E2D D29B 66A7 6ECF 9144 09F1
```
## II. Security response team