Tree @master (Download .tar.gz)

.github
client
debian
docs
implant
protobuf
server
util
vendor
.dockerignore
.gitignore
build.py
CONTRIBUTING.md
Dockerfile
go-assets.sh
go-tests.sh
go.mod
go.sum
LICENSE
Makefile
README.md
SECURITY.md

SECURITY.md @master — view markup · raw · history · blame

Security Policy

One of the main goals of the Sliver project is to provide a secure platform when performing assessments, we encourage everyone to do a security review of the code base and report vulnerabilities, or to request features if the project does not meet your security needs.

Bug Bounty

Anything in the master branch, without an open ticket.

Severity	Reward
Critical	12+ Year Whisky or Scotch
High	Good Beer
Medium	A PBR, Grain Belt, or Hamm's
Low	High Five

Reporting a Vulnerability

Please report high and/or critical vulnerabilities via email jdemesy<[a]>bishopfox.com, if no response within 14 days, file a ticket with a security tag. Medium to Low risk vulnerabilities can simply be filed as a normal bug/issue with the security tag.