This bounty program is for security issues in the Ruby programming language, neither websites (including *.ruby-lang.org) nor third party applications. Please submit issues that are regarding the Ruby programming language. You may also submit website issues, but in principle, they are outside the scope of the bounty program.
Documentation on Ruby can be found here.
The Internet Bug Bounty awards security research on Ruby. If your vulnerability meets the eligibility criteria, you can submit the post-fix information to the IBB for payout. As the IBB supports the whole vulnerability lifecycle, these bounty awards are awarded as an 80/20 split, where 80% will go to you, the finder, and 20% will be given to Ruby to continue to support the vulnerability remediation efforts.
To submit eligible vulnerabilities for a payout go to https://hackerone.com/ibb for submission instructions after the project maintainers have resolved the vulnerability.
The project maintainers have final decision on which issues constitute security vulnerabilities. The IBB team will respect their decision, and we ask that you do as well.
Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
Scope Type | Scope Name |
---|---|
web_application | https://github.com/ruby/ruby |
Scope Type | Scope Name |
---|---|
web_application | *.ruby-lang.org |
The progam has been crawled by Firebounty on 2016-06-17 and updated on 2019-08-03, 25 reports have been received so far.
FireBounty © 2015-2024