diff --git a/VULNERABILITY_RESPONSE_PROCESS.md b/VULNERABILITY_RESPONSE_PROCESS.md index 47a3c4f..0ef06a7 100644 --- a/VULNERABILITY_RESPONSE_PROCESS.md +++ b/VULNERABILITY_RESPONSE_PROCESS.md @@ -1,6 +1,6 @@ # The Monero Project Vulnerability Response Process -## Preamble +## Preamble (Monero/Kovri) 1. Researchers/Hackers: while you research/hack, we ask that you please refrain from committing the following: - Denial of Service / Active exploiting against the Monero/Kovri networks @@ -9,11 +9,12 @@ 2. As a pro-privacy project we have volunteers running copies of the websites on hidden services on Tor and I2P, as well as on multiple public domains. **The live sites are NOT in the scope of this process; only the code is!** -3. While **Kovri** is in a pre-Alpha release state, HackerOne should not be used for disclosure. All **Kovri** issues should be directed to [GitHub](https://github.com/monero-project/kovri) +3. Bounty will be released for all projects in Monero XMR only. For more information on how to use Monero, visit the [Monero website](https://getmonero.org) -4. Bounty will be released for all projects in Monero XMR only. For more information on how to use Monero, visit the [Monero website](https://getmonero.org) +## Preamble (Kovri) -5. Bounty will not be available for **Kovri** until **Kovri Beta** is released +1. While Kovri is in a pre-Alpha release state, do not use HackerOne for disclosure. All Kovri issues MUST be directed to either [GitHub](https://github.com/monero-project/kovri) or Email +2. Bounty will not be available for Kovri until **Kovri Beta** is released ## I. Points of contact for security issues