This page details the risk scoring and reward calculation for The Space Bug Bounty Program.
If you have a question for us, please email us at [email protected].
On The Space Bug Bounty Program, we described that our approach to risk scoring follows the OWASP Risk Rating Model, which is based on “Impact” and “Likelihood”.
Every factor is scored from 1 to 3, and the average score is used as the overall risk score.
| Factors | Description |
|---|---|
| Threat Agent Factors | |
| Skill Level | How technically skilled is this group of threat agents? |
| Motive | How motivated is this group of threat agents to find and exploit this vulnerability? |
| Opportunity | What resources and opportunities are required for this group of threat agents to find and exploit this vulnerability? |
| Size | How large is this group of threat agents? |
| Vulnerability Factors | |
| Ease of Discovery | How easy is it for this group of threat agents to discover this vulnerability? |
| Ease of Exploit | How easy is it for this group of threat agents to actually exploit this vulnerability? |
| Awareness | How well known is this vulnerability to this group of threat agents? |

| Factors | Description |
|---|---|
| Technical Impact Factors | |
| Loss of Integrity | How much data could be corrupted and how damaged is it? |
| Loss of Availability | How much service could be lost and how vital is it? |
| Loss of Accountability | Are the threat agents’ actions traceable to an individual? |
| Business Impact Factors | |
| Financial Damage | How much financial damage will result from an exploit? |
Risk Score = Impact * Likelihood
| Likelihood \ Impact | Low (1) | Medium (2) | High (3) |
|---|---|---|---|
| Low (1) | 1 | 2 | 3 |
| Medium (2) | 2 | 4 | 6 |
| High (3) | 3 | 6 | 9 |
On The Space Bug Bounty Program, we described that rewards are distributed according to the level of overall risk severity and circulating supply at the time of reporting.
| Overall Risk Severity | Risk Score | Reward Amount | Reward in Year 1 | Reward in Year 4 |
|---|---|---|---|---|
| Critical | 7 to ≤9 | Up to 0.5% of $SPACE circulating supply | Up to 1,953,000 $SPACE | Up to 5,000,000 $SPACE |
| High | 5 to <7 | Up to 0.1% of $SPACE circulating supply | Up to 390,600 $SPACE | Up to 1,000,000 $SPACE |
| Medium | 3 to <5 | Up to 0.05% of $SPACE circulating supply | Up to 195,300 $SPACE | Up to 500,000 $SPACE |
| Low | 1 to <3 | 0.01% of $SPACE circulating supply | 39,600 $SPACE | 100,000 $SPACE |
Reward Amount = Risk Score / Upper Risk Score of Current Level * Upper Reward Amount of Current Level
For instance, if the risk score of #1 is 4, the reward amount is 4 / 5 * 195,300 = 156,240.
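
The scoring and reward steps above, worked through in Python as an added example (not the program's own code; the function names are illustrative). It assumes the threat agent and vulnerability factors average into Likelihood and the technical and business impact factors into Impact, as in the OWASP model, uses the Year 1 reward column, and treats the Low level as a flat amount because the table lists it without "Up to".

```python
from statistics import mean

# Severity bands from the reward table above:
# (level, lower bound, upper risk score, Year 1 upper reward in $SPACE)
BANDS = [
    ("Low", 1, 3, 39_600),
    ("Medium", 3, 5, 195_300),
    ("High", 5, 7, 390_600),
    ("Critical", 7, 9, 1_953_000),
]

def factor_average(scores):
    """Average one group of factor scores; every factor must be 1, 2 or 3."""
    for factor, value in scores.items():
        if value not in (1, 2, 3):
            raise ValueError(f"{factor}: score must be 1, 2 or 3, got {value!r}")
    return mean(scores.values())

def risk_score(likelihood, impact):
    """Risk Score = Impact * Likelihood, each the average of its factors."""
    return factor_average(impact) * factor_average(likelihood)

def severity(score):
    """Return (level, upper risk score, upper reward) for a risk score."""
    if not 1 <= score <= 9:
        raise ValueError(f"risk score {score} is outside 1..9")
    for level, low, upper, cap in BANDS:
        # Upper bounds are exclusive except for Critical (7 to <=9).
        if low <= score < upper or (level == "Critical" and score == upper):
            return level, upper, cap

def reward(score):
    """Reward = Risk Score / Upper Risk Score of level * Upper Reward of level."""
    level, upper, cap = severity(score)
    if level == "Low":
        return level, float(cap)  # assumption: Low is a flat amount
    return level, score * cap / upper  # multiply first to stay exact

# Constructed sample report: every factor rated Medium (2).
likelihood = {"Skill Level": 2, "Motive": 2, "Opportunity": 2, "Size": 2,
              "Ease of Discovery": 2, "Ease of Exploit": 2, "Awareness": 2}
impact = {"Loss of Integrity": 2, "Loss of Availability": 2,
          "Loss of Accountability": 2, "Financial Damage": 2}

if __name__ == "__main__":
    score = risk_score(likelihood, impact)
    level, amount = reward(score)
    print(f"risk score {score} -> {level}, reward {amount:,.0f} $SPACE")
```

A score that lands exactly on a boundary (3, 5 or 7) falls into the higher level, matching the "3 to <5" style ranges in the table.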