Powered by: Allows bounty splitting:
Average time to first program response: 143
Average time to bounty awarded null:
Average time to report resolved:
Handle ibb
Managed program: false
Name: Internet Bug Bounty
Offers bounties: true
Offers swag: false
Response efficiency percentage: 76
Submission state: open
Url: https://hackerone.com/ibb
Website: https://www.hackerone.com/internet-bug-bounty
In scope: Asset identifier: https://git.libssh.org/Asset type: SOURCE_CODEAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Disclosure instructions: https://www.libssh.org/development/security-process/Integrity requirements: Max severity: criticalAsset identifier: https://github.com/ElectronAsset type: SOURCE_CODEAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Build cross platform desktop apps with JavaScript, HTML, and CSS. Disclosure instructions: https://github.com/electron/electron/security/policyIntegrity requirements: Max severity: criticalAsset identifier: https://github.com/NginxAsset type: SOURCE_CODEAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Disclosure instructions: http://nginx.org/en/security_advisories.htmlIntegrity requirements: Max severity: criticalAsset identifier: https://github.com/apache/airflowAsset type: SOURCE_CODEAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Disclosure instructions: https://github.com/apache/airflow/security/policyIntegrity requirements: Max severity: criticalAsset identifier: https://github.com/apache/httpdAsset type: SOURCE_CODEAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Disclosure instructions: http://httpd.apache.org/security_report.htmlIntegrity requirements: Max severity: criticalAsset identifier: https://github.com/argoproj/argoprojAsset type: SOURCE_CODEAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Disclosure instructions: https://github.com/argoproj/argoproj/blob/master/SECURITY.md
Project Modifier: bounty amounts for this project are adjusted based on the following criteria:
-50% : Vulnerability is not exploitable in a default configuration of Argo.Integrity requirements: Max severity: criticalAsset identifier: https://github.com/curl/curlAsset type: SOURCE_CODEAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Disclosure instructions: https://github.com/curl/curl/blob/master/docs/SECURITY-PROCESS.mdIntegrity requirements: Max severity: criticalAsset identifier: https://github.com/djangoAsset type: SOURCE_CODEAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: The Web framework for perfectionists with deadlines. Disclosure instructions: https://www.djangoproject.com/security/Integrity requirements: Max severity: criticalAsset identifier: https://github.com/nodejs/nodeAsset type: SOURCE_CODEAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Disclosure instructions: https://hackerone.com/nodejs
**Project Modifier:** bounty amounts for this project are adjusted based on the following criteria:
-50% : Vulnerability is not exploitable in a default configuration of Node.js.
-25% : A proposed patch was not provided for the issue.
Integrity requirements: Max severity: criticalAsset identifier: https://github.com/openssl/opensslAsset type: SOURCE_CODEAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: OpenSSL. Disclosure instructions: https://www.openssl.org/news/vulnerabilities.htmlIntegrity requirements: Max severity: criticalAsset identifier: https://github.com/rack/rackAsset type: SOURCE_CODEAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Disclosure instructions: https://github.com/rack/rack/security/policyIntegrity requirements: Max severity: criticalAsset identifier: https://github.com/railsAsset type: SOURCE_CODEAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Ruby on Rails. Disclosure Instructions: https://rubyonrails.org/security/Integrity requirements: Max severity: criticalAsset identifier: https://github.com/rubyAsset type: SOURCE_CODEAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: The Ruby Programming Language. Disclosure Instructions: https://www.ruby-lang.org/en/security/Integrity requirements: Max severity: criticalAsset identifier: https://github.com/rubygems/rubygemsAsset type: SOURCE_CODEAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Library packaging and distribution for Ruby. Disclosure instructions: https://guides.rubygems.org/security/#reporting-security-vulnerabilitiesIntegrity requirements: Max severity: criticalAsset identifier: https://github.com/rust-lang/rustAsset type: SOURCE_CODEAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Rust Programming Language. Disclosure Instructions: https://www.rust-lang.org/policies/securityIntegrity requirements: Max severity: criticalAsset identifier: https://github.com/spiffe/spiffeAsset type: SOURCE_CODEAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Disclosure instructions: If you've found a vulnerability or a potential vulnerability in SPIFFE please report it at security@spiffe.io.Integrity requirements: Max severity: criticalAsset identifier: https://github.com/spiffe/spireAsset type: SOURCE_CODEAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Disclosure instructions: https://github.com/spiffe/spire/security/policyIntegrity requirements: Max severity: criticalAsset identifier: https://wiki.xenproject.org/wiki/Xen_Project_RepositoriesAsset type: SOURCE_CODEAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Disclosure instructions: https://xenproject.org/developers/security-policy/
Eligible scope only includes issues for which an XSA is issued.Integrity requirements: Max severity: criticalAsset identifier: rubygems.orgAsset type: URLAvailability requirement: Confidentiality requirement: Eligible for bounty: trueEligible for submissions: trueInstruction: Disclosure instructions: Submit any new or potential vulnerabilities for rubygems.org to https://hackerone.com/rubygemsIntegrity requirements: Max severity: critical
