From: tobtoht Date: Tue, 8 Oct 2024 17:15:55 +0000 (+0200) Subject: SECURITY.md: add clarification on binary exploitation X-Git-Url: https://git.nutra.tk/v2?a=commitdiff_plain;h=130432fd23823ebb633b4985e5ef0ad304a98a1f;p=gamesguru%2Ffeather.git SECURITY.md: add clarification on binary exploitation --- diff --git a/SECURITY.md b/SECURITY.md index 15a0081a..501e3121 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -35,6 +35,7 @@ Clarifications on scope: - Any form of coercion, physical or psychological, is out of scope. - Vulnerabilities that are attributable to hardware are out of scope. - If the issue was fixed in the `master` branch before we receive your report, it is invalid and not eligible for a bounty from this program. +- If the vulnerability involves binary exploitation, we may ask you to provide a proof of concept of secret key exfiltration. - Vulnerabilities that are present in the monero submodule but were not introduced in patches made by the Feather developers must be reported [upstream](https://github.com/monero-project/meta/blob/master/VULNERABILITY_RESPONSE_PROCESS.md) and are not eligible for a bounty from this program. - Vulnerabilities that are present in any of our third-party dependencies must be reported upstream and are not eligible for a bounty from this program.
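Review bot: The added bullet in the "Clarifications on scope" list ("we may ask you to provide a proof of concept of secret key exfiltration") does not say what happens to a report when that proof of concept is not supplied. The neighbouring bullets each state an explicit outcome ("out of scope", "invalid and not eligible for a bounty"), so a reporter cannot tell from this line whether the report is rejected, held, or still eligible. Consider stating the outcome in the same sentence and the condition under which the request is made, since "may" leaves it to case-by-case judgement. "Binary exploitation" is also not defined anywhere in the visible lines; a short parenthetical saying which class of issue is meant would make the scope clearer. It would also help to say that the proof of concept should be demonstrated against a wallet the reporter controls.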