github.com/decred/dcrlnd@v0.7.6/SECURITY.md

github.com/decred/dcrlnd@v0.7.6/SECURITY.md (about)

     1  # Security Policy
     2  
     3  ## Reporting a Vulnerability
     4  
     5  The Decred project runs a bug bounty program which is approved by the stakeholders and is funded by the Decred treasury.
     6  
     7  Please refer to the bounty website to understand the [scope](https://bounty.decred.org/#Scope) and how to [submit](https://bounty.decred.org/#Submit%20Vulnerability) a vulnerability.
     8  
     9  https://bounty.decred.org/
    10  
    11  ## Supported Versions
    12  
    13  `dcrlnd` is part of Decred's [Bug Bounty Program](https://bounty.decred.org)
    14  on an experimental basis while we haven't yet deployed into mainnet.
    15  
    16  Additionally, given the current nature of this work as a fork from the original
    17  `lnd` code, bugs that have been submitted to the upstream `lnd` project are **not**
    18  eligible for the bug bounty program _unless_ the following points apply:
    19  
    20    - The bug affects a mainnet worthy release of `dcrlnd`;
    21    - The fix for the bug was _not_ merged from the upstream repo while a
    22    substantial amount of upstream commits that are newer than the relevant one
    23    were merged;
    24    - The bug is not critical to `lnd` but it is to `dcrlnd`.