[{"id":3639239,"new_policy":"# The Monero Project\n\n1. Read and abide by our [Vulnerability Response Process](https://github.com/monero-project/meta/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n2. Provide an XMR address within the report if you wish to receive bounty (assuming that the report is valid)\n    - PoC within a report will most likely result in more bounty than not\n\n## Scope\n\n**!!! DO NOT SUBMIT CSRF / XSS RELATED REPORTS. THEY WILL BE CLOSED AS NOT APPLICABLE !!!**\n\nThis primarily exists to help us find critical vulnerabilities in the Monero applications, which are written in C++, with some C and assembly, and QtQuick for the Monero GUI. We are not terribly interested in website vulnerabilities (the Monero site use Jekyll and produces static HTML) or metadata leaks from volunteer hosting infrastructure.\n\nIf you are looking to disclose web app vulnerabilities, or low-hanging fruit like CSRF / XSS bugs, you are looking at the wrong project. These are not web apps!\n\n## Project-specific policies:\n\nOnly the projects listed in our [Vulnerability Response Process](https://github.com/monero-project/meta/blob/master/VULNERABILITY_RESPONSE_PROCESS.md) are considered in scope.\n\n**Other projects, such as the Monero forum, are either being deprecated or are out of scope**.\n\nNote: as a pro-privacy project we have volunteers running copies of the websites on hidden services on Tor and I2P, as well as on multiple public domains. **The live sites are NOT in scope, only the code is!**\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2020-07-06T14:54:23.691Z"},{"id":3605745,"new_policy":"# The Monero Project\n\n1. Read and abide by our [Vulnerability Response Process](https://github.com/monero-project/meta/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n2. Provide an XMR address within the report if you wish to receive bounty (assuming that the report is valid)\n    - PoC within a report will most likely result in more bounty than not\n\n## Scope\n\n**!!! DO NOT SUBMIT CSRF / XSS RELATED REPORTS. THEY WILL BE CLOSED AS NOT APPLICABLE !!!**\n\nThis primarily exists to help us find critical vulnerabilities in the Monero and Kovri applications, which are written in C++, with some C and assembly, and QtQuick for the Monero GUI. We are not terribly interested in website vulnerabilities (both the Monero and Kovri sites use Jekyll and produce static HTML) or metadata leaks from volunteer hosting infrastructure.\n\nIf you are looking to disclose web app vulnerabilities, or low-hanging fruit like CSRF / XSS bugs, you are looking at the wrong project. These are not web apps!\n\n## Project-specific policies:\n\nOnly the projects listed in our [Vulnerability Response Process](https://github.com/monero-project/meta/blob/master/VULNERABILITY_RESPONSE_PROCESS.md) are considered in scope.\n\n**Other projects, such as the Monero forum, are either being deprecated or are out of scope**.\n\nNote: as a pro-privacy project we have volunteers running copies of the websites on hidden services on Tor and I2P, as well as on multiple public domains. **The live sites are NOT in scope, only the code is!**\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2019-03-21T23:16:06.944Z"},{"id":3584878,"new_policy":"# The Monero Project\n\nPlease first read our [Vulnerability Response Process](https://github.com/monero-project/meta/blob/master/VULNERABILITY_RESPONSE_PROCESS.md).\n\n## Scope\n\n**!!! DO NOT SUBMIT CSRF / XSS RELATED REPORTS. THEY WILL BE CLOSED AS NOT APPLICABLE !!!**\n\nThis primarily exists to help us find critical vulnerabilities in the Monero and Kovri applications, which are written in C++, with some C and assembly, and QtQuick for the Monero GUI. We are not terribly interested in website vulnerabilities (both the Monero and Kovri sites use Jekyll and produce static HTML) or metadata leaks from volunteer hosting infrastructure.\n\nIf you are looking to disclose web app vulnerabilities, or low-hanging fruit like CSRF / XSS bugs, you are looking at the wrong project. These are not web apps!\n\n## Project-specific policies:\n\nOnly the projects listed in our [Vulnerability Response Process](https://github.com/monero-project/meta/blob/master/VULNERABILITY_RESPONSE_PROCESS.md) are considered in scope.\n\n**Other projects, such as the Monero forum, are either being deprecated or are out of scope**.\n\nNote: as a pro-privacy project we have volunteers running copies of the websites on hidden services on Tor and I2P, as well as on multiple public domains. **The live sites are NOT in scope, only the code is!**\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2018-08-06T15:04:26.751Z"},{"id":3564320,"new_policy":"# The Monero Project\n\nPlease first read our [Vulnerability Response Process](https://github.com/monero-project/meta/blob/master/VULNERABILITY_RESPONSE_PROCESS.md).\n\n## Scope\n\nThis primarily exists to help us find critical vulnerabilities in the Monero and Kovri applications, which are written in C++, with some C and assembly, and QtQuick for the Monero GUI. We are not terribly interested in website vulnerabilities (both the Monero and Kovri sites use Jekyll and produce static HTML) or metadata leaks from volunteer hosting infrastructure.\n\nIf you are looking to disclose web app vulnerabilities, or low-hanging fruit like CSRF / XSS bugs, you are looking at the wrong project. These are not web apps!\n\n## Project-specific policies:\n\nOnly the projects listed in our [Vulnerability Response Process](https://github.com/monero-project/meta/blob/master/VULNERABILITY_RESPONSE_PROCESS.md) are considered in scope.\n\n**Other projects, such as the Monero forum, are either being deprecated or are out of scope**.\n\nNote: as a pro-privacy project we have volunteers running copies of the websites on hidden services on Tor and I2P, as well as on multiple public domains. **The live sites are NOT in scope, only the code is!**\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2017-11-30T00:00:46.324Z"},{"id":3564319,"new_policy":"# The Monero Project\n\n## Scope\n\nThis primarily exists to help us find critical vulnerabilities in the Monero and Kovri applications, which are written in C++, with some C and assembly, and QtQuick for the Monero GUI. We are not terribly interested in website vulnerabilities (both the Monero and Kovri sites use Jekyll and produce static HTML) or metadata leaks from volunteer hosting infrastructure.\n\nIf you are looking to disclose web app vulnerabilities, or low-hanging fruit like CSRF / XSS bugs, you are looking at the wrong project. These are not web apps!\n\n## Project-specific policies:\n\nRead our [Vulnerability Response Process](https://github.com/monero-project/meta/blob/master/VULNERABILITY_RESPONSE_PROCESS.md). Only the projects listed in that process are in scope.\n\n**Other projects, such as the Monero forum, are either being deprecated or are out of scope**.\n\nNote: as a pro-privacy project we have volunteers running copies of the websites on hidden services on Tor and I2P, as well as on multiple public domains. **The live sites are NOT in scope, only the code is!**\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2017-11-29T23:58:56.601Z"},{"id":3560293,"new_policy":"# The Monero Project\n\n## Scope\n\nThis primarily exists to help us find critical vulnerabilities in the Monero and Kovri applications, which are written in C++, with some C and assembly, and QtQuick for the Monero GUI. We are not terribly interested in website vulnerabilities (both the Monero and Kovri sites use Jekyll and produce static HTML) or metadata leaks from volunteer hosting infrastructure.\n\nIf you are looking to disclose web app vulnerabilities, or low-hanging fruit like CSRF / XSS bugs, you are looking at the wrong project. These are not web apps!\n\n## Project-specific policies:\n\nRead our [Vulnerability Response Process](https://github.com/monero-project/meta/blob/master/VULNERABILITY_RESPONSE_PROCESS.md). Only the projects listed in that process are in scope.\n\n**Other projects, such as the Monero forum, are either being deprecated or are out of scope**.\n\nNote: as a pro-privacy project we have volunteers running copies of the websites on hidden services on Tor and I2P, as well as on multiple public domains. **The live sites are NOT in scope, only the code is!**\n\n## Bounty\n\nWe award bounty through our [FFS](https://forum.getmonero.org/8/funding-required/87597/monero-bounty-for-hackerone).\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2017-09-11T21:12:15.405Z"},{"id":3559871,"new_policy":"# The Monero Project\n\n## Scope\n\nThis primarily exists to help us find critical vulnerabilities in the Monero and Kovri applications, which are written in C++, with some C and assembly, and QtQuick for the Monero GUI. We are not terribly interested in website vulnerabilities (both the Monero and Kovri sites use Jekyll and produce static HTML) or metadata leaks from volunteer hosting infrastructure.\n\nThe projects that are in-scope are listed below in the \"Project-specific policies\" section. Please read the policy notes as well.\n\nIf you are looking to disclose web app vulnerabilities, or low-hanging fruit like CSRF / XSS bugs, you are looking at the wrong project. These are not web apps!\n\n## Project-specific policies:\n\n**Only the following projects are in scope**. Other projects, such as the Monero forum, are either being deprecated or are out of scope.\n\n- [Monero (CLI)](https://github.com/monero-project/monero/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Monero (GUI)](https://github.com/monero-project/monero-core/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Monero (website)](https://github.com/monero-project/monero-site/blob/master/resources/vrp/index.md)\n- [Kovri](https://github.com/monero-project/kovri-docs/blob/master/i18n/en/vrp.md)\n- [Kovri (website)](https://github.com/monero-project/kovri-site/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n\nNote: as a pro-privacy project we have volunteers running copies of the websites on hidden services on Tor and I2P, as well as on multiple public domains. **The live sites are NOT in scope, only the code is!**\n\n## Bounty\n\nWe award bounty through our [FFS](https://forum.getmonero.org/8/funding-required/87597/monero-bounty-for-hackerone).\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2017-09-02T01:09:33.494Z"},{"id":3559870,"new_policy":"# The Monero Project\n\n## Scope\n\nThis primarily exists to help us find critical vulnerabilities in the Monero and Kovri applications, which are written in C++, with some C, and QtQuick for the Monero GUI. We are not terribly interested in website vulnerabilities (both the Monero and Kovri sites use Jekyll and produce static HTML) or metadata leaks from volunteer hosting infrastructure.\n\nThe projects that are in-scope are listed below in the \"Project-specific policies\" section. Please read the policy notes as well.\n\nIf you are looking to disclose web app vulnerabilities, or low-hanging fruit like CSRF / XSS bugs, you are looking at the wrong project. These are not web apps!\n\n## Project-specific policies:\n\n**Only the following projects are in scope**. Other projects, such as the Monero forum, are either being deprecated or are out of scope.\n\n- [Monero (CLI)](https://github.com/monero-project/monero/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Monero (GUI)](https://github.com/monero-project/monero-core/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Monero (website)](https://github.com/monero-project/monero-site/blob/master/resources/vrp/index.md)\n- [Kovri](https://github.com/monero-project/kovri-docs/blob/master/i18n/en/vrp.md)\n- [Kovri (website)](https://github.com/monero-project/kovri-site/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n\nNote: as a pro-privacy project we have volunteers running copies of the websites on hidden services on Tor and I2P, as well as on multiple public domains. **The live sites are NOT in scope, only the code is!**\n\n## Bounty\n\nWe award bounty through our [FFS](https://forum.getmonero.org/8/funding-required/87597/monero-bounty-for-hackerone).\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2017-09-02T01:08:46.211Z"},{"id":3559869,"new_policy":"# The Monero Project\n\n## Scope\n\nThis primarily exists to help us find critical vulnerabilities in the Monero and Kovri applications, which are written in C++, with some C, and QtQuick for the Monero GUI. We are not terribly interested in website vulnerabilities (both the Monero and Kovri sites use Jekyll and produce static HTML) or metadata leaks from volunteer hosting infrastructure.\n\nThe projects that are in-scope are listed below in the \"Project-specific policies\" section. Please read the policy notes as well.\n\nIf you are looking to disclose web app vulnerabilities, or low-hanging fruit like CSRF / XSS bugs, you are looking at the wrong project. These are not web apps!\n\n## Project-specific policies:\n\n**Only the following projects are in scope**. Other projects, such as the Monero forum, are either being deprecated or are out of scope.\n\n- [Monero (CLI)](https://github.com/monero-project/monero/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Monero (GUI)](https://github.com/monero-project/monero-core/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Monero Website](https://github.com/monero-project/monero-site/blob/master/resources/vrp/index.md)\n- [Kovri](https://github.com/monero-project/kovri-docs/blob/master/i18n/en/vrp.md)\n- [Kovri Website](https://github.com/monero-project/kovri-site/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n\nNote: as a pro-privacy project we have volunteers running copies of the websites on hidden services on Tor and I2P, as well as on multiple public domains. **The live sites are NOT in scope, only the code is!**\n\n## Bounty\n\nWe award bounty through our [FFS](https://forum.getmonero.org/8/funding-required/87597/monero-bounty-for-hackerone).\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2017-09-02T01:08:15.728Z"},{"id":3559824,"new_policy":"# The Monero Project\n\n## Scope\n\nThis primarily exists to help us find critical vulnerabilities in the Monero and Kovri applications, which are written in C++, with some C, and QtQuick for the Monero GUI. We are not terribly interested in website vulnerabilities (both the Monero and Kovri sites use Jekyll and produce static HTML) or metadata leaks from volunteer hosting infrastructure.\n\nThe projects that are in-scope are listed below in the \"Project-specific policies\" section. Please read the policy notes as well.\n\nIf you are looking to disclose web app vulnerabilities, or low-hanging fruit like CSRF / XSS bugs, you are looking at the wrong project. These are not web apps!\n\n## Project-specific policies:\n\n- [Monero](https://github.com/monero-project/monero/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Monero GUI](https://github.com/monero-project/monero-core/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Kovri](https://github.com/monero-project/monero/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Monero Website](https://github.com/monero-project/monero/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Kovri Website](https://github.com/monero-project/monero/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n\nNote: as a pro-privacy project we have volunteers running copies of the websites on hidden services on Tor and i2p, as well as on multiple public domains. The live sites are NOT in scope, only the code is!\n\nNote on Scope: ONLY these projects are in scope. Other projects, such as the Monero forum, are either being deprecated or are out of scope.\n\n## Bounty\n\nWe award bounty through our [FFS](https://forum.getmonero.org/8/funding-required/87597/monero-bounty-for-hackerone).\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2017-09-01T11:08:21.542Z"},{"id":3559821,"new_policy":"# The Monero Project\n\n## Project-specific policies:\n\n- [Monero](https://github.com/monero-project/monero/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Monero GUI](https://github.com/monero-project/monero-core/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Monero Website](https://github.com/monero-project/monero/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Kovri](https://github.com/monero-project/monero/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Kovri Website](https://github.com/monero-project/monero/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n\nNote: as a pro-privacy project we have volunteers running copies of the websites on hidden services on Tor and i2p, as well as on multiple public domains. The live sites are NOT in scope, only the code is!\n\nNote on Scope: ONLY these projects are in scope. Other projects, such as the Monero forum, are either being deprecated or are out of scope.\n\n## Bounty\n\nWe award bounty through our [FFS](https://forum.getmonero.org/8/funding-required/87597/monero-bounty-for-hackerone).\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2017-09-01T10:07:03.447Z"},{"id":3559808,"new_policy":"# The Monero Project\n\n## Project-specific policies:\n\n- [Monero](https://github.com/monero-project/monero/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Monero GUI](https://github.com/monero-project/monero-core/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Monero Website](https://github.com/monero-project/monero-site/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Kovri](https://github.com/monero-project/kovri-docs/blob/master/developer/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Kovri Website](https://github.com/monero-project/kovri-site/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n\nNote: as a pro-privacy project we have volunteers running copies of the websites on hidden services on Tor and i2p, as well as on multiple public domains. The live sites are NOT in scope, only the code is!\n\nNote on Scope: ONLY these projects are in scope. Other projects, such as the Monero forum, are either being deprecated or are out of scope.\n\n## Bounty\n\nWe award bounty through our [FFS](https://forum.getmonero.org/8/funding-required/87597/monero-bounty-for-hackerone).\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2017-09-01T06:41:34.040Z"},{"id":3559807,"new_policy":"# The Monero Project\n\n## Project-specific policies:\n\n- [Monero](https://github.com/monero-project/monero/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Monero GUI](https://github.com/monero-project/monero-core/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Monero Website](https://github.com/monero-project/monero-site/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Kovri](https://github.com/monero-project/kovri-docs/blob/master/developer/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Kovri Website](https://github.com/monero-project/kovri-site/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n\nNote: ONLY these projects are in scope. Other projects, such as the Monero forum, are either being deprecated or are out of scope.\n\n## Bounty\n\nWe award bounty through our [FFS](https://forum.getmonero.org/8/funding-required/87597/monero-bounty-for-hackerone).\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2017-09-01T06:22:38.000Z"},{"id":3559803,"new_policy":"# The Monero Project\n\n## Project-specific policies:\n\n- [Monero](https://github.com/monero-project/monero/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Monero GUI](https://github.com/monero-project/monero-core/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Monero Website](https://github.com/monero-project/monero-site/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Kovri](https://github.com/monero-project/kovri-docs/blob/master/developer/VULNERABILITY_RESPONSE_PROCESS.md)\n- [Kovri Website](https://github.com/monero-project/kovri-site/blob/master/VULNERABILITY_RESPONSE_PROCESS.md)\n\n## Bounty\n\nWe award bounty through our [FFS](https://forum.getmonero.org/8/funding-required/87597/monero-bounty-for-hackerone).\n","has_open_scope":null,"pays_within_one_month":null,"protected_by_gold_standard_safe_harbor":null,"protected_by_ai_safe_harbor":null,"disclosure_declaration":null,"introduction":null,"platform_standards_exclusions":[],"exemplary_standards_exclusions":[],"scope_exclusions":[],"timestamp":"2017-08-31T21:03:08.954Z"}]