[bisq-network/compensation] For Cycle 33 (Issue #1007)
Christoph Atteneder
notifications at github.com
Mon Feb 21 15:06:38 CET 2022
> So You mean that who ever finds such vulns in your domain should do that for free? You only asked we will pay you according to the time you have worked on it and now you only not accepting it? I have worked my time on it ad don't want to do something for free here. I deserve a little bounty atleast
Hi @ajay1706 ! What @Emzy is saying is that his team has no budget for this kind of disclosures, not that you won't get compensated for your responsible disclosure. So it will be a bigger discussion here and I think we should put up asap a security policy for the website under bisq/SECURITY.md. Something like
# Security Policy
## Supported Versions
_TODO: Point out which versions+ will receive updates. ATM v1.8.2+_
| Version | Supported |
| ------- | ------------------ |
| v1.8.2+ | :white_check_mark: |
| < 1.8.1 | :x: |
## Reporting a Vulnerability
_TODO: Use this section to tell people how to report a vulnerability._
_Tell them where to go, how often they can expect to get an update on a
reported vulnerability, what to expect if the vulnerability is accepted or
declined, etc._
Anyone up for drafting something for this?
--
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/compensation/issues/1007#issuecomment-1046915969
You are receiving this because you are subscribed to this thread.
Message ID: <bisq-network/compensation/issues/1007/1046915969 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20220221/849e3bdf/attachment.htm>
More information about the bisq-github
mailing list