I want to participate in the Asterisk Bug Bounties program.
I do not know a number of things:
1 What kind of bugs are acceptable in the program? (DOS is considered? Or just RCE?)
2 How do I submit and prove what I found? (Enough to point to a code snippet and show here and here is the vulnerability or that I must show the entire flow to weakness + an example of a crash or something in this style (and maybe even I should add a code fix)?
3 To whom do I present what I found and who exactly pays me?
Thanks in advance.