INFO - Stellar bug bounty program

#1
Stellar Bug Bounty Program Overview

The Stellar Bug Bounty Program provides bounties for vulnerabilities and exploits discovered in the Stellar protocol or any of the code in our repos. We recognize the importance of our community and security researchers in helping identify bugs and issues. We encourage responsible disclosure of security vulnerabilities via our bug bounty program described on this page.
Our development team has up to 90 days to implement a fix based on the severity of the report. Please allow for this process to fully complete before you publicly disclose the vulnerability.
We are rewarding researchers that find bugs with a bounty of our digital currency, lumens (XLM). The amount of the award depends on the degree of severity of the vulnerability reported.
The Stellar.org Bug Bounty Panel will evaluate award sizes according to severity calculated according to the risk rating model based on Impact and Likelihood. However, final awards are determined at the sole discretion of the panel.


[*]Critical: up to 25 000 points
[*]High: up to 15 000 points
[*]Medium: up to 10 000 points
[*]Low: up to 2 000 points
[*]Note: up to 500 points

1 point currently corresponds to 1 USD (payable in lumens (XLM)), something which may change without prior notice.
Researchers are more likely to earn a larger reward by demonstrating how a vulnerability can be exploited to maximum effect.

Generally speaking, any bug that poses a significant vulnerability to the security or integrity of the Stellar Network could be eligible for reward. However, it’s entirely at our discretion to decide whether a bug is significant enough to be eligible for reward.
In general, anything which has the potential for financial loss or data breach is of sufficient severity:

[*]Implementation bugs that can lead to financial loss
[*]Access to our production servers
[*]Remote Code Execution
[*]Protocol bugs
[*]Crash bug in Stellar-core or Horizon (ex. a bug that can crash the app by sending a special request, not by sending thousands of requests).

In general, the following would not meet the threshold for severity:

[*]Recently disclosed 0-day vulnerabilities
[*]Vulnerabilities on sites hosted by third parties unless they lead to a vulnerability on the main website.
[*]Vulnerabilities contingent on physical attack, social engineering, spamming, DDOS attack, etc.
[*]Vulnerabilities affecting outdated or unpatched browsers.
[*]Vulnerabilities in third party applications that make use of Stellar’s API.
[*]Bugs that have not been responsibly investigated and reported.
[*]Bugs already known to us, or already reported by someone else (reward goes to first reporter).
[*]Issues that aren’t reproducible.
[*]Issues that we can’t reasonably be expected to do anything about.

The severity of a bug, i.e. how many participants in the Stellar network are affected, is taken into consideration when deciding the bounty payout amount. For example, an exploit that relies on an implementation bug in stellar-core affects the network as a whole and very deeply. There are no alternate implementations of stellar-core, and so a payout that affects stellar-core would pay out higher than, for example, an XSS bug.

Our open source projects:

[*]https://github.com/stellar/stellar-core

[*]https://stellarorg.zendesk.com
Reply
#2
(05-01-2018, 12:02 PM)Gorlitz Wrote: Stellar Bug Bounty Program Overview

[*]

what?
Reply
#3
Hi bro, there is no need to type [*].

It's just a symbol, like using -, or a, b, c, or 1, 2, 3, etc.
Reply
#4
(05-01-2018, 12:16 PM)diepnhi Wrote:
(05-01-2018, 12:02 PM)Gorlitz Wrote: Stellar Bug Bounty Program Overview

[*]

what?
[*]
Very good one. Thanks for sharing this.
Reply
#5
Hahahaha, really? Thanks for sharing this, mate, I liked it.
Reply
#6
(05-01-2018, 12:02 PM)Gorlitz Wrote: Stellar Bug Bounty Program Overview

Thanks for sharing
Reply
#7
(05-01-2018, 12:02 PM)Gorlitz Wrote: Stellar Bug Bounty Program Overview

[*]

Thanks for your sharing, and it is very helpful for the news.
Reply

