openEuler Bug Bounty Program Goes on Trial
On December 1, 2020, the openEuler bug bounty program was launched for a trial run on Vulbox. The openEuler security team works with white hats to maintain and improve the overall security of the openEuler community. Acknowledgment and rewards will be given to the white hats who protect user interests and help the openEuler community improve security. Each reported issue is followed up, analyzed, and handled by dedicated personnel, and receives a timely reply.
Send encrypted emails to firstname.lastname@example.org.
a. Version: openEuler 20.03 LTS
b. Platform: x86_64 or ARM64
c. Project: iSulad and A-Tune
Critical security issues: CNY15,000/issue
High-risk security issues: CNY8,000/issue
Medium-risk security issues: CNY2,000/issue
Low-risk security issues: CNY500/issue
Bonus During the Promotion Period (Regardless of Vulnerability Severity)
a. For the first vulnerability, the reward doubles.
b. For the first 10 vulnerabilities, a bonus of CNY2,000 for each vulnerability is provided.
Bug Bounty Program Homepage
Vulnerability Handling Policy
The openEuler community values the security of the community edition. We have developed a complete set of vulnerability handling policies to quickly respond to and handle openEuler-related security issues. https://www.openeuler.org/en/security/vulnerability-reporting/
Until the vulnerability you reported is fixed, avoid any disclosure or dissemination of it. We promise that every issue you report will be tracked, analyzed, handled, and replied to by dedicated personnel in a timely manner. If you disclose a submitted vulnerability in any form without the written permission of openEuler, we will cancel your reward and reserve the right to pursue liability for your breach of contract or infringement.
Vulnerabilities should be tested in compliance with laws and regulations. Exploiting vulnerabilities to damage users' interests, affect service operation, or steal user data, as well as maliciously spreading vulnerabilities or data, is suspected of violating laws, administrative regulations, openEuler community management regulations, or website agreements. The openEuler community reserves the right to pursue legal liability for these actions.
The openEuler community entrusts Vulbox to carry out the bug bounty program. The openEuler community does not access or obtain your personal information. The openEuler Security Committee confirms the vulnerability validity, severity, and reward amount with you via email, and Vulbox is responsible for the subsequent reward payment.