The SRC bug bounty scope is unclear for most of the Kubernetes community members.
It was announced in 2020 claiming to be targeting the core projects https://kubernetes.io/blog/2020/01/14/kubernetes-bug-bounty-announcement/#what-s-in-scope
The bug bounty scope covers code from the main Kubernetes organizations on GitHub, as well as continuous integration, release, and documentation artifacts. Basically, most content you’d think of as ‘core’ Kubernetes, included at https://github.com/kubernetes, is in scope
However, the definition on the HackerOne page is larger than that, with a wider scope: https://hackerone.com/kubernetes?type=team
It does not feel right that a Kubernetes project program so important, one that impacts its subprojects and SIGs, is not documented within the community, or at least I could not find it in:
Let's try to discuss how to better document this and how to make these decisions more open so the rest of the community, or at least steering, has visibility on such important decisions.