Astricks bug bounty program

I want to participate in the Asterisk Bug Bounties program.
I do not know a number of things:
1 What kind of bugs are acceptable in the program? (DOS is considered? Or just RCE?)
2 How do I submit and prove what I found? (Enough to point to a code snippet and show here and here is the vulnerability or that I must show the entire flow to weakness + an example of a crash or something in this style (and maybe even I should add a code fix)?
3 To whom do I present what I found and who exactly pays me?

Thanks in advance.

The project does not have a financial bug bounties program. From a security vulnerability perspective there is documentation on the wiki[1] of how to report such things.


1 Like

There are a couple of Bounties on the asterisk-dev mailing list right now.

1 Like

Thank you, I should have clarified that companies or individuals are free to post bug bounties themselves. I was strictly looking at it from a security bounty perspective.

1 Like