RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 23:07:35 +00:00
Code Issues Activity Actions

Website: Bounty: Add rule for user interaction/social engineering (#4974)

Browse source
This commit is contained in:
bcoles 2021-01-16 23:09:01 +11:00 committed by GitHub
parent 38c5b3f788
commit c90b7881a7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
Meta/Websites/serenityos.org/bounty/index.html
View file

@ -21,6 +21,7 @@
<li>The PoC exploit needs to work against the master branch at the time of claim.</li>
<li>Max 5 bounties per person.</li>
<li>No duplicates. If a bug is already reported, only the earliest reporter may claim the reward. This includes bugs found by continuous fuzzing systems.</li>
<li>No rewards for bugs that require unlikely user interaction or social engineering.</li>
<li>Remote bugs must be exploitable with an unmodified "default setup" of SerenityOS. Bugs in programs that are not started by default don't qualify.</li>
<li>The PoC exploit needs to work on a QEMU-emulated CPU that supports SMAP, SMEP, UMIP, NX, WP, and TSD natively.</li>
<li>SerenityOS always runs with assertions enabled, so you'll need to find a way around them.</li>