Banner object (1)

Hack and Take the Cash !

676 bounties in database
14/10/2018

Reward

Homebrew

Program Rules

No technology is perfect, and Homebrew believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in Homebrew, we encourage you to notify us. We welcome working with you to resolve the issue promptly.

We pay bounties through BountyGraph (https://bountygraph.com/programs/homebrew).

Scope

The following sites and applications are within scope for this program:

  • The brew package manager (Homebrew/brew)
  • The Homebrew/homebrew-* official taps

Scope Exclusions

The following do not constitute security vulnerabilities in Homebrew:

  • brew.sh, discourse.brew.sh and jenkins.brew.sh websites
  • brew.sh domain SPF configuration
  • security vulnerabilities in hosted web services Homebrew relies on (e.g. Discourse, GitHub, Google Analytics, GitHub Pages)
  • security vulnerabilities in packaged software that are present in the upstream software (although these should be reported to the upstream software)
  • security vulnerabilities in software used by but not written by Homebrew (e.g. Jenkins and plugins)
  • nominal clickjacking and similar attacks against our static, GitHub Pages websites

Disclosure Policy

  • Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue. Please bear in mind we're a project run entirely by volunteers in our spare time.
  • Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with our explicit permission.
  • If it's an straightforward fix: please submit a pull request on GitHub.

Exclusions

While researching, we'd like to ask you to refrain from:

  • Denial of service
  • Spamming
  • Social engineering (including phishing) of Homebrew maintainers or contributors
  • Any physical attempts against Homebrew's machines

Thank you for helping keep Homebrew and our users safe!

BountyGraph Payout Policy

Bounties are paid to hackers and project maintainers at the discretion of the funding organizations and the BountyGraph team. To be eligible for a bounty, each submission must meet BountyGraph's report guidelines.

Thanks
Gift
Hall of Fame
Reward


List your Bug Bounty for free immediately!

Contact us if you want more information.

FireBounty (c) 2015-2018