2013-12-03
2019-08-02
Reward: 500 $

Ruby on Rails

Rails is used to power some of the most important sites on the web and its increasing popularity has made it a critical piece of internet infrastructure. If you've found a security bug that could potentially impact the security of these sites, you have our thanks and might be eligible for a cash reward.

Bounty Qualification

Only vulnerabilities that demonstrate security impact to the system's integrity or confidentiality are eligible for a bounty - typically Arbitrary Code Execution, Universal SQL Injection, or equivalent impact. While we encourage you to submit all potential issues, lower severity issues are not eligible for bounty at this time.

Impact

Critical: Demonstrate that remote exploitation of this bug can be easily, actively, and reliably achieved.
High: Demonstrate that remote exploitation of this bug is very likely (e.g. good control of a register).
Medium: Demonstrate the presence of a security bug with probable remote exploitation potential.

The project maintainers have final decision on which issues constitute security vulnerabilities. The Internet Bug Bounty Panel will respect their decision, and we ask that you do as well. It's important to keep in mind that not all submissions will qualify for a bounty, and that the decision to award a bounty is entirely at the discretion of the Panel.

Safe Harbor

Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

In Scope

Scope Type: web_application
Scope Name: https://github.com/rails/rails

Out of Scope

Scope Type: web_application
Scope Name: *.rubyonrails.org


This program features scope types such as web_application.

FireBounty © 2015-2020