Will the incentive for new vulnerability discoveries, the award, or the amount of tokens to be gained, be consistent with the complexity of the vulnerability encountered?
The amount of tokens Secure Planet awards to contributors will vary depending on each individual case.
Two major factors will determine the amount of awarded tokens. They are as follows:
- Popularity of the open source software containing the vulnerability - the higher the usage and/or adoption rate of the open source project, the higher the token amount
- Vulnerability severity ranking - the more critical the vulnerability, the higher the token amount
The code being opened, whoever finds bugs or some vulnerability in the code, the reward will also be high? For example, I find a vulnerability in popular open source software developed by Secure, so the award will be high?
The bounty price is determined by the usage level of the open source project that contains the reported vulnerability. The more widely the open source project is used, the higher the bounty price of the associated vulnerability. In addition to the bounty, reporters may also receive a severity bonus. This additional remuneration will be awarded based on the severity and impact levels of the submitted vulnerability, determined by Secure Planets verifying community.