chore:create security policy (#1235)

Signed-off-by: Gino Cingolani <[email protected]>
decentraland · Sep 11, 2023 · 4ce3057 · 4ce3057
1 parent cfdad57
commit 4ce3057
Showing 1 changed file with 36 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,36 @@
+# Security Policy
+
+## Supported Versions
+
+The only version supported is the `master` branch.
+
+## Reporting a Vulnerability
+Please send us a detailed description of the vulnerability using Immunefi: https://immunefi.com/bounty/decentraland/
+
+Such report should include:
+* Conditions for the bug to be triggered
+* Background and information about how the bug was found
+* Instructions to find the critical lines affected
+* Unit tests or instructions to trigger the bug
+
+## Compensation
+Our team will assess each submission individually and assign a level of severity according to its likelihood and impact Compensation will depend on the severity of the issue found as per the published policies in https://immunefi.com/bounty/decentraland/
+
+### Severity Level
+**Critical**
+Up to USD $18,000
+PoC Required
+
+**High**
+Up to USD $6,000
+PoC Required
+
+**Medium**
+Up to USD $3,000
+PoC Required
+
+**Low**
+USD $1,000
+PoC Required
+
+Note: Payouts are handled by the Decentraland Foundation team directly and covered by the Decentraland DAO treasury and are denominated in USD. However, payouts are done in MANA and USDT, with a minimum of 20% to be done in USDT.