mirror of
https://github.com/monero-project/meta.git
synced 2024-12-22 11:39:22 +00:00
Merge pull request #312 from anonimal/VRP-DoS
VRP: specify type of DoS in relation to reward
This commit is contained in:
commit
b923a6fb11
1 changed files with 7 additions and 5 deletions
|
@ -83,11 +83,13 @@ PGP fingerprint = 1218 6272 CD48 E253 9E2D D29B 66A7 6ECF 9144 09F1
|
|||
|
||||
5. If over email, Response Manager opens a HackerOne issue for new submission
|
||||
|
||||
6. Establish severity of vulnerability:
|
||||
- a. HIGH: impacts network as a whole, has potential to break entire monero/kovri network, results in the loss of monero, or is on a scale of great catastrophe
|
||||
- b. MEDIUM: impacts individual nodes, routers, wallets, or must be carefully exploited
|
||||
- c. LOW: is not easily exploitable or is low impact
|
||||
- d. If there are any disputes regarding bug severity, the Monero Response team will ultimately define bug severity
|
||||
6. Define severity:
|
||||
- a. Establish severity of vulnerability:
|
||||
- i. HIGH: impacts network as a whole, has potential to break entire monero/kovri network, results in the loss of monero, or is on a scale of great catastrophe
|
||||
- ii. MEDIUM: impacts individual nodes, routers, wallets, or must be carefully exploited
|
||||
- iii. LOW: is not easily exploitable or is low impact
|
||||
- b. If there are any disputes regarding bug severity, the Monero Response team will ultimately define bug severity
|
||||
- c. Since a systematic DoS hunt has not been completed on any code, DoS's which do not crash a node remotely will receive a lower bounty reward
|
||||
|
||||
7. Respond according to the severity of the vulnerability:
|
||||
- a. HIGH severities must be notified on website and reddit /r/Monero (/r/Kovri for kovri) within 3 working days of classification
|
||||
|
|
Loading…
Reference in a new issue