English version:http://bbs.espressif.com/viewtopic.php?f=46&t=850
Chinese version:http://bbs.espressif.com/viewtopic.php?f=46&t=851
[Activity Ends] Espressif Bug Bounty Program [2015.03 - 2018.07]
PROGRAM DESCRIPTION
Espressif is pleased to update Bug Bounty Program with immediate effect on Feb.28th, 2016. We have increased the minimum amount to pay out to 2000 USD
for any developer reporting a previously unknown bug in our latest ESP8266 Non-OS or RTOS SDK. The award is sometimes increased, depending on the severity and scope of the bug, especially security bugs. WHAT CONSTITUTES AN ELIGIBLE BUG REPORT?
What is a bug? Anything that causes the software to reset, heap overflows, buffer overflows, or loss of wireless connectivity function. Problems caused by improper hardware system or buggy application codes are not considered SDK bugs. Only the latest firmwares are considered under this program. Multiple developers sometimes report the same bug; the award is given to the one who first files the bug report.
HOW DO I REPORT A BUG?
Fill the attached form and report it to bugbounty@espressif.com. Details of the bug are required, including bug name, SDK or AT version, hardware information, AP model, bug description, test steps, reference codes, log output and others.
We are not responsible for reports that we do not receive for any reason. Reports that are incomplete or Nostradamus-like will not be entertained. We may ask for clarification when needed.
I’VE REPORTED MY BUG, NOW WHAT?
- You will receive an email to acknowledge the receipt of your bug report.
- Our engineers will review the reported bug and validate its eligibility. If the bug causes security issues in system, please allow us to respond to you and fix the vulnerability before going public. The duration of review time will vary depending on the complexity and completeness of your reported bug, as well as number of bug reports we receive. You will get an update on the bug.
- Upon validation, you will be contacted to provide your paperwork to facilitate our payments for eligible bug reports.
BOUNTY PAYMENTS
In general, we will make payment for the bug reported via bank transfer.
You are responsible for any tax implications or local laws / rules that are relevant for your country.
RIGHTS RESERVED
Espressif reserves the right to decide if the bug report is valid. The decisions made by Espressif are final and binding.
[活动结束] Bug 赏金计划 [2015.03 - 2018.07]
计划简介:
乐鑫很高兴宣布更新乐鑫 Bug 赏金计划,并于 2016 年 2 月 28 日正式生效。我们将提高 RTOS bug 的反馈奖金至 2000 美金
,以鼓励更多开发者去使用并反馈乐鑫官方发布的 1.0 版本及以上的 RTOS SDK 中存在的未知问题。同时,我们也会继续为每个判定有效的非 OS SDK 中的 bug 支付 2000 美元的奖金。奖励金额会根据 bug 的严重性和潜在的影响范围适当增加。听起来很酷吧?让我们接着往下看。。。
什么是有效的 bug?
它首先是一个 bug。任何会引起软件重置、堆溢出、缓冲区溢出、网络断开等问题的都属于 bug, 但因开发者本人的硬件系统或应用代码的缺陷,导致这些问题出现的,不属于 SDK 的 bug。
它来自乐鑫最新发布的1.0版本及以上的SDK。较早版本或1.0以下版本中的 bug 不在此次计划内。
它是未知的。这意味着这个bug 在官方 SDK 发布时没有被公开,或者在您上报之前没有其他开发者反馈过这个 bug。
我要如何上报 bug?
请填写附件表格,并将其反馈至 bugbounty@espressif.com。您需要提供问题相关的详细信息,包括 bug 名称、SDK 或 AT 版本号、硬件模块信息、路由型号、Bug 描述、测试流程、参考代码、log 输出及其它必要信息。
如因意外情况未能收到您的邮件,或您反馈的 bug 不完整以致无法准确识别的,我们将不予采纳。如有需要,我们会跟您联系,希望您能对问题作出清晰的说明。
我已经上报了发现的 Bug,然后呢?
您将会收到我们的邮件,告诉您我们已经收到了您的问题反馈。
我们工程师将对您反馈的 bug 进行测试,并验证其有效性。如果 bug 涉及到系统安全,请允许我们与您取得联系以获取更多信息。审核时间因上报问题的复杂性和信息完整性,以及我们收到的反馈数量会有所差异。我们会及时向您更新我们的进展。
赏金支付
我们会通过银行转账来支付您的赏金。
您需要按您所在国家的法律法规支付相关的税费。
保留权利
乐鑫保留判定反馈的 bug 是否有效的权利。乐鑫对此的判定是最终且具有约束力的。
