-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HackerOne bounty amounts revision #59
Comments
I agree with @karelorigin that doubling the current ranges is a step in the right direction. This may encourage some of the more reputable hackers on the platform to review Liberapay. |
@Changaco since you have a better understanding of Liberapay's budget, I'd suggest taking it as a minimum. I think a more is better approach is generally preferred when it comes to bounties. |
Actually, I changed them last year, so almost all of the maximum amounts have already been doubled. |
Liberapay's HackerOne program was launched in 2018 (liberapay/liberapay.com#549), and I don't think the bounty amounts have been changed since. Liberapay has significantly more income now than it did then, so we could increase the bounty amounts.
@karelorigin has proposed a simple doubling of the current amounts. Are there any other proposals? @EdOverflow?
(The best time for a significant update of the HackerOne program would probably be after Liberapay migrates away from AWS and SQL, as there will be a greater need for reviews of the new infrastructure's security. However, that would mean waiting quite a while, as the work to make that migration possible is nowhere near complete.)
The text was updated successfully, but these errors were encountered: