Commit 2305e0f

Merge pull request #415 from rsksmart/bug_bounty_program
Update bug bounty program
2 parents e8e124d + c105e8d commit 2305e0f

1 file changed

+6
-18
lines changed

SECURITY.md

Lines changed: 6 additions & 18 deletions
@@ -1,31 +1,19 @@
1-
# Liquidity Bridge Contract Security Process
1+
# RootstockLabs's Security Process
22

33
We are committed to conduct our security process in a professional and civil manner. Public shaming, under-reporting or misrepresentation of vulnerabilities will not be tolerated.
44

55
## Responsible Disclosure
66

7-
For all security related issues, Liquidity Bridge Contract has two main points of contact. Reach us at <security@rootstocklabs.com> or refer to our [Bug Bounty Program](https://www.rootstocklabs.com/bug-bounty-program). **Do not open up a GitHub issue if the bug is a security vulnerability**
7+
For all security related issues, RootstockLabs has two main points of contact. Reach us at <security@rootstocklabs.com> or refer to our [Bug Bounty Program](https://www.rootstocklabs.com/bug-bounty-program/). **Do not open up a GitHub issue if the bug is a security vulnerability**
88

99
**Ensure the bug was not already reported** by searching on GitHub under [Issues](https://github.com/rsksmart/liquidity-bridge-contract/issues).
1010

11-
## Vulnerability Handling
11+
## Disclosure Policy
1212

13-
### Response Time
13+
- Follow Immunefi's [disclosure guidelines](https://immunefi.com/responsible-publication/).
14+
- Public disclosure of a vulnerability makes it ineligible for a bounty.
1415

15-
RootstockLabs will make a best effort to meet the following response times for reported vulnerabilities:
16-
17-
- Time to first response (from report submit) - 5 business days
18-
- Time to triage (from report submit) - 7 business days
19-
- Time to bounty (from triage) - 15 business days
20-
21-
We’ll try to keep you informed about our progress throughout the process.
22-
23-
### Disclosure Policy
24-
25-
- Follow HackerOne's [disclosure guidelines](https://www.hackerone.com/disclosure-guidelines).
26-
- Public disclosure of a vulnerability makes it ineligible for a bounty. If the user reports the vulnerability to other security teams (e.g. Ethereum or ETC) but reports to RootstockLabs with considerable delay, then RootstockLabs may reduce or cancel the bounty.
27-
28-
For more information check RootstockLabs bounty program policy at [HackerOne](https://hackerone.com/rootstocklabs)
16+
For more information, check RootstockLabs bounty program policy at [Immunefi](https://immunefi.com/bug-bounty/rootstocklabs/information)
2917

3018
## Public Keys
3119
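
Review bot: Removing the "Response Time" subsection (old lines 13-21) leaves SECURITY.md with no stated expectation for first response, triage or bounty payout, and nothing in the new text says where those commitments now live. If the Immunefi program page carries them, say so in the sentence at new line 16; otherwise keep the three response-time bullets. The clause about reducing or cancelling a bounty when a report reaches RootstockLabs with considerable delay after going to other security teams is also dropped at new line 14, so confirm that is intended rather than lost in the platform switch. Minor: "RootstockLabs's" in the title at new line 1 would read better as "RootstockLabs Security Process", and the sentences at new lines 7 and 16 end without a period.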
