openEuler Bug Bounty Program Goes on Trial

gwei3 | openEuler Security Committee | 2020-12-01 | Vulnerability report, Vulnerability scoring, Vulnerability bounty

On December 1, 2020, the openEuler bug bounty program was launched for a trial run on Vulbox. The openEuler security team works with white hats to maintain and improve the overall security of the openEuler community. Acknowledgment and rewards will be given to white hats who protect user interests and help the openEuler community improve security. Each reported issue is followed up, analyzed, and handled by dedicated personnel, and receives a timely reply.

Vulnerability Report

Send encrypted emails to openeuler-security@openeuler.org.

Vulnerability Scope

a. Version: openEuler 20.03 LTS

b. Platform: x86_64 or ARM64

c. Project: iSulad and A-Tune

Vulnerability Bounties

Critical security issues: CNY15,000/issue

High-risk security issues: CNY8,000/issue

Medium-risk security issues: CNY2,000/issue

Low-risk security issues: CNY500/issue

Bonus During the Promotion Period (Regardless of Vulnerability Severity)
a. For the first vulnerability, the reward doubles.
b. For the first 10 vulnerabilities, a bonus of CNY2,000 for each vulnerability is provided.

Bug Bounty Program Homepage

https://openeulersrc.vulbox.com/

Vulnerability Handling Policy

The openEuler community values the security of the community edition. We have developed a complete set of vulnerability handling policies to quickly respond to and handle openEuler-related security issues. https://www.openeuler.org/en/security/vulnerability-reporting/

Declaration

  1. Before the vulnerability you reported is fixed, avoid any disclosure or dissemination of the vulnerability. We promise that every issue you report will be tracked, analyzed, handled, and replied to by dedicated personnel in a timely manner. If you disclose a submitted vulnerability in any form without the written permission of openEuler, we will cancel your reward and reserve the right to pursue liability for your breach of contract or infringement.

  2. Vulnerabilities should be tested in compliance with laws and regulations. Exploiting vulnerabilities to damage users' interests, affect service operation, or steal user data, and maliciously spreading vulnerabilities or data, are suspected of violating laws, administrative regulations, openEuler community management regulations, or website agreements. The openEuler community reserves the right to pursue legal liability for these actions.

  3. The openEuler community entrusts Vulbox to carry out the bug bounty program. The openEuler community does not access or obtain your personal information. The openEuler Security Committee confirms the vulnerability validity, severity, and reward amount with you via email, and Vulbox is responsible for the subsequent reward payment.

