Websites: Update the SerenityOS bug bounty program :^)

Let's increase the reward since I have significantly improved funding
over the last year! Merry haxmas! :^)
Andreas Kling 2021-12-18 11:15:35 +01:00
parent 32aa623eff
commit 363875128c
Notes: sideshowbarker 2024-07-17 22:39:56 +09:00


@ -1,14 +1,35 @@
<!DOCTYPE html>
<html>
<head><title>SerenityOS bug bounty program</title></head>
<head>
<title>SerenityOS bug bounty program</title>
<style>
body {
background: black;
color: lime;
font-family: monospace;
font-size: 14pt;
}
a {
font-weight: bold;
text-decoration: underline;
}
a:link, a:visited {
color: cyan;
}
a:active {
color: red;
}
</style>
</head>
<body>
<h1>SerenityOS bug bounty program</h1>
<h1>SerenityOS bug bounty program :^)</h1>
<p>
Like any respectable software project, SerenityOS also runs a bug bounty program.
Like any respectable software project, <a href="https://www.serenityos.org/">SerenityOS</a>
also runs a bug bounty program.
I don't have a huge budget, but I want to reward good honest work.
</p>
<p>
I will pay <b>$5</b> USD for exploitable bugs in these categories:
I will pay <b>$50</b> USD for exploitable bugs in these categories:
</p>
<ul>
<li>Remote code execution.</li>
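Review bot: The reward paragraph at the end of this hunk changes the amount from $5 to $50 without saying when the new amount takes effect, so a reporter with a claim already in progress cannot tell which rate applies. Consider adding a sentence to that paragraph stating whether the $50 covers only reports received after this change or also claims that are still open. As a smaller style point, the `<h1>` gains ":^)" while `<title>` keeps the plain "SerenityOS bug bounty program"; make them match if the heading is meant to be the page name.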
@ -19,7 +40,7 @@
<ul>
<li>No rewards for bugs you caused yourself.</li>
<li>The PoC exploit needs to work against the master branch at the time of claim.</li>
<li>Max 5 bounties per person.</li>
<li>Max 3 bounties per person.</li>
<li>No duplicates. If a bug is already reported, only the earliest reporter may claim the reward. This includes bugs found by continuous fuzzing systems.</li>
<li>No rewards for bugs that require unlikely user interaction or social engineering.</li>
<li>Remote bugs must be exploitable with an unmodified "default setup" of SerenityOS. Bugs in programs that are not started by default don't qualify.</li>
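Review bot: The cap in this hunk drops from "Max 5 bounties per person" to "Max 3 bounties per person", but the list item does not say how it treats people who already received bounties under the old limit, or whether the cap is a lifetime total or resets over some period. A short clause on that item would remove the ambiguity, which matters more now that the same commit raises the per-bug amount.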
@ -27,11 +48,7 @@
<li>SerenityOS always runs with assertions enabled, so you'll need to find a way around them.</li>
</ul>
<p>
Rewarded bounties will be listed here, and I will also make a video dissecting each
exploit and showing what the bug was, and how I fix it.
</p>
<p>
To claim a reward, get in touch with me either on the <a href="https://discord.gg/serenityos">SerenityOS Discord</a> (<b>awesomekling</b>) or via <b>kling@serenityos.org</b>
To claim a reward, get in touch with me either on the <a href="https://discord.gg/serenityos">SerenityOS Discord</a> (<i>awesomekling#1985</i>) or via <b><a href="mailto:kling@serenityos.org">kling@serenityos.org</a></b>. (And even if you are not interested in the reward, I'd still like to hear about any exploits!)
</p>
<p><b>Past exploits:</b></p>
<ul>
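Review bot: The claim paragraph in this hunk invites exploit reports over Discord or e-mail but does not say whether details should be sent privately (a direct message or the mailto address) or may be posted in a public channel, and the rules above pay only the earliest reporter. Consider stating the expected channel for unfixed bugs explicitly. The same hunk removes the "Rewarded bounties will be listed here" paragraph while the "Past exploits:" list stays, so the list now has no sentence explaining what qualifies an entry. Also, the Discord handle is wrapped in `<i>` while the e-mail address is in `<b>`; pick one for both contact details.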