Mirror/SECURITY.md
2023-01-25 13:18:08 +01:00

23 lines
779 B
Markdown

# Security Policy
## Supported Versions
Mirror & Mirror LTS are both supported for security fixes.
## Reporting a Vulnerability
Please contact security [at] mirror-networking.com to report a vulnerability.
You can also contact us in [our Discord](https://discord.gg/N9QVxbM) for faster replies.
You can expect a reply within 24-48 hours.
We will keep you updated on our steps to mitigate issues every 2-4 weeks.
## Bug Bounty
Depending on the severity of the exploit, we offer a $50 - $500 bug bounty.
**Specifically we are looking for:**
* Ways to crash a Mirror server.
* Ways to exploit a Mirror server.
* Ways to leave a Mirror server in undefined state.
We are **not** looking for DOS/DDOS attacks, as those are expected to be handled by the hosting infrastructure.