Mirror/SECURITY.md
2023-01-25 13:18:08 +01:00

779 B

Security Policy

Supported Versions

Mirror & Mirror LTS are both supported for security fixes.

Reporting a Vulnerability

Please contact security [at] mirror-networking.com to report a vulnerability. You can also contact us in our Discord for faster replies.

You can expect a reply within 24-48 hours. We will keep you updated on our steps to mitigate issues every 2-4 weeks.

Bug Bounty

Depending on the severity of the exploit, we offer a $50 - $500 bug bounty.

Specifically we are looking for:

  • Ways to crash a Mirror server.
  • Ways to exploit a Mirror server.
  • Ways to leave a Mirror server in undefined state.

We are not looking for DOS/DDOS attacks, as those are expected to be handled by the hosting infrastructure.