The creators of Tor Project first mentioned their public bug fix program at the end of 2015. The private bug bounty program was launched in January 2016, and thanks to it, a number of bugs were discovered, including several denial-of-service (DoS) and out-of-bounds (OOB) vulnerabilities.
Now Tor Project, with support from the Open Technology Fund, has officially announced in HackerOne the launch of the open-loop reward program for bugs found in the Tor browser and the Tor network daemon. Vulnerabilities that allow for privilege enhancement, remote code execution, access to user data, and attack information that can be used to extract client data from encrypted nodes and client programs will be considered.
Depending on the seriousness of the problem, Tor Project is willing to pay from $ 100 to $ 4,000. A $ 2,000- $ 4,000 $ 2,000- $ 5,000 middle-level vulnerability will be paid for $ 300- $ 2,000 vulnerabilities, and $ 100- $ 2000 for small issues will be paid for $ 100 or nothing, but there will be a T-shirt gift, stickers, and a place in the Hall of Fame.
You will also be paid for bugs found in the libraries that Tor uses. Here the prize ranges from $ 500 to $ 2000.
The program does not cover OpenSSL.
*** Don't miss out on my next post! Follow me @bachoangel ***
Great post ;)
Thanks
Congratulations @bachoangel! You have completed some achievement on Steemit and have been rewarded with new badge(s) :
Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here
If you no longer want to receive notifications, reply to this comment with the word
STOP