NOTE: None of the web sites run by The Linux Foundation or by Hyperledger are eligible for the bounty. That means only the code in the Hyperledger Fabric codebase is eligible for the bounty. Everything else, including our websites, is not in scope (e.g. JIRA, Gerrit, Rocket.Chat, homepage, and wiki).

UPDATE: We now have a free online course that covers all of the details of setting up a Hyperledger Fabric test network for analysis.

Hyperledger is a global open source collaborative effort created to advance cross-industry blockchain technologies, hosted by The Linux Foundation, and developed by technologists in finance, banking, internet of things, supply chains, manufacturing and technology.

Because blockchain and distributed ledger technology has such a wide range of applications, ranging from critical infrastructure (e.g. energy markets, bank settlements, etc.) to social systems (e.g. digital healthcare records, voting, etc.), the Hyperledger community is eager to work with the broader security community to help identify any security vulnerabilities in the various Hyperledger technologies and report and fix them in a timely and responsible manner.

Because Hyperledger projects are in various stages of development and maturity, the community has chosen to limit our bug bounty program to those projects that have reached a “1.0” release maturity. Additional projects will be joining the bug bounty in the near future, and we invite you to also review those when they join the bounty program.

The Hyperledger security team consists of volunteer open source developers that will make a best effort to respond to incoming reports within 2 business days and make a bounty determination after validating a legitimate security issue within 60 business days. Our transparency is greater than that of other organizations; however, we are using a confidential vulnerability reporting and resolution system. We will do our best to keep you informed about our progress throughout the process and per our security policy, all vulnerabilities will be disclosed responsibly.

To better stay connected with the Hyperledger developers, it is recommended that you create a Linux Foundation ID at. With the Linux Foundation ID you can access our RocketChat server (like Slack) at. We also have active mailing lists that you can join by going to. You will also be able to access our JIRA bug tracking system at. We hope that you will come join us in making solid blockchain technologies and platforms for the benefit of many different industries/applications.

Dos

Follow HackerOne’s disclosure guidelines.
Provide detailed reports with reproducible steps. If there is insufficient detail and we cannot reproduce the issue, the issue will not be eligible for a reward.
Submit one vulnerability per report, unless you can chain the vulnerabilities.
Come hang out with us, or just lurk, in our chat and mailing lists.
Be familiar with and follow our community code of conduct.
Treat everybody with respect, professionalism, fairness, and sensitivity to our many differences and strengths, including in situations of high pressure and urgency.

We’d love to meet you and have you join our community.

That is strictly prohibited and outside of the scope of this bounty program.

When duplicate reports occur, we will only award the first report received, provided that the report is well formed, can be fully reproduced, and meets all other submission criteria. Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.

Amounts below are the minimum we will pay per category. We aim to be fair; all reward amounts are at our discretion. Our rewards are based on the impact of a vulnerability. Please note these are general guidelines and examples, and that reward decisions are up to the discretion of the Hyperledger security team.