SECURITY.md - sliver (master)

Tree @master (Download .tar.gz)

.github
client
debian
docs
implant
protobuf
server
util
vendor
.dockerignore
.gitignore
build.py
CONTRIBUTING.md
Dockerfile
go-assets.sh
go-tests.sh
go.mod
go.sum
LICENSE
Makefile
README.md
SECURITY.md

SECURITY.md @master — view rendered · raw · history · blame

# Security Policy

One of the main goals of the Sliver project is to provide a secure platform when performing assessments, we encourage everyone to do a security review of the code base and report vulnerabilities, or to request features if the project does not meet your security needs.

### Bug Bounty

Anything in the `master` branch, without an open ticket.

| Severity | Reward  |
|---|---|
| Critical  |  12+ Year Whisky or Scotch |
|  High | Good Beer  |
|  Medium | A PBR, Grain Belt, or Hamm's  |
|  Low | High Five |

### Reporting a Vulnerability

Please report high and/or critical vulnerabilities via email `jdemesy<[a]>bishopfox.com`, if no response within 14 days, file a ticket with a `security` tag. Medium to Low risk vulnerabilities can simply be filed as a normal bug/issue with the `security` tag.