[bisq-network/compensation] For Cycle 33 (Issue #1007)
chimp1984
notifications at github.com
Tue Mar 1 20:04:36 CET 2022
I think we should define more clearly what types of security vulnerability reports we consider justified for compensation and to which amounts. The potential damage by the security vulnerability could be one factor to consider as well if it touches the core functionalities (Bisq app, trading) or just the sourrounding infrastructure which mostly does not carry any real financial risk. Another factor is to be sure that the reporter has some track record of professional security research. Otherwise we invite people running scripts to detect known vulnerabilities which are often not much relevant for Bisq (no opinion about that report as I did not look closer into it, but the contributor seems not to be a professional security researcher from his Github profile).
--
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/compensation/issues/1007#issuecomment-1055762160
You are receiving this because you are subscribed to this thread.
Message ID: <bisq-network/compensation/issues/1007/1055762160 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20220301/57123bc2/attachment.htm>
More information about the bisq-github
mailing list