[bisq-network/compensation] For Cycle 33 (Issue #1007)

Stephan Oeste notifications at github.com
Mon Feb 21 00:41:31 CET 2022


First of all, thank you very much @ajay1706 for reporting the security issue and doing a responsible disclosure.
This is very much appreciated!

I have to add that it was my fault for not updating Grafana on https://monitor.bisq.network/.
My reasoning was that the Grafana graphs are broken and need fixing, so updating was counterproductive in my mind.

The server has no impact on the operation of Bisq. There is no sensitive data at all on that server; all is shared openly.
Especially because Bisq has no responsible disclosure policy, this should be considered in the compensation amount.

If there were a responsible disclosure policy, this server would not be considered a target.

Bisq should in general encourage responsible disclosures, but only for systems that are relevant and for the Bisq software itself.

**I can't approve this for ops, because ops has no budget for responsible disclosures.** 

-- 
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/compensation/issues/1007#issuecomment-1046347868