HackerOne bounty amounts revision #59
Comments
|
I agree with @karelorigin that doubling the current ranges is a step in the right direction. This may encourage some of the more reputable hackers on the platform to review Liberapay. |
|
@Changaco since you have a better understanding of Liberapay's budget, I'd suggest taking it as a minimum. I think a more is better approach is generally preferred when it comes to bounties. |
Actually, I changed them last year, so almost all of the maximum amounts have already been doubled. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Liberapay's HackerOne program was launched in 2018 (liberapay/liberapay.com#549), and I don't think the bounty amounts have been changed since. Liberapay has significantly more income now than it did then, so we could increase the bounty amounts.
@karelorigin has proposed a simple doubling of the current amounts. Are there any other proposals? @EdOverflow?
(The best time for a significant update of the HackerOne program would probably be after Liberapay migrates away from AWS and SQL, as there will be a greater need for reviews of the new infrastructure's security. However, that would mean waiting quite a while, as the work to make that migration possible is nowhere near complete.)
The text was updated successfully, but these errors were encountered: