Hi all, Two months ago, we started working with HackerOne to set up a security bug bounty program for our products, because we believe that no technology is perfect and that working with skilled security researchers across the globe is crucial in identifying weaknesses.
This bug bounty program is currently invitation-only, though we plan to make it public very soon. Meanwhile, if you know highly skilled security researchers interested in looking for issues in our DNS-related software, written in C++, you can ask them to contact me so that I can invite them into the program. The scope of this program covers security issues in: * PowerDNS Authoritative Server * PowerDNS Recursive Server * dnsdist Please note that our websites and infrastructures are in no way part of this program, and are explicitly out of scope. Besides our respect and attribution, PowerDNS may provide rewards to eligible reporters of qualifying vulnerabilities. Rewards include: * PowerDNS-Branded Clothing (T-Shirts, Polo Shirts, Hoodies). * Minimum reward of $100 USD for vulnerabilities we consider to be serious but of low-impact, up to a maximum of $5000 USD for the most severe vulnerabilities. PowerDNS will determine in its discretion whether a reward should be granted and the amount of the reward. In particular we may choose to pay higher rewards for severe vulnerabilities or lower rewards for vulnerabilities that are considered less severe. A more complete policy is available at HackerOne once you are invited to our program. Please read it carefully and respect it. Best regards, Remi -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Pdns-dev mailing list Pdns-dev@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-dev
