security policy: Add out-of-scope section (bp #16249) (#16251)

* security policy: Add out-of-scope section (cherry picked from commit e9e46ff521) * Update SECURITY.md Co-authored-by: Michael Vines <mvines@gmail.com> (cherry picked from commit 700ebde474) Co-authored-by: Trent Nelson <trent@solana.com>
2021-03-31 04:49:17 +00:00
parent cf21719a07
commit 8b307ed409
1 changed files with 8 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -42,6 +42,14 @@ RPC DoS/Crashes:
 $5,000 USD in locked SOL tokens (locked for 12 months)
 * RPC attacks

+Out of Scope:
+The following components are out of scope for the bounty program
+* Metrics: `/metrics` in the monorepo as well as https://metrics.solana.com
+* Explorer: `/explorer` in the monorepo as well as https://explorer.solana.com
+* Any encrypted credentials, auth tokens, etc. checked into the repo
+* Bugs in dependencies. Please take them upstream!
+* Attacks that require social engineering
+
 Eligibility:
 * The participant submitting the bug bounty shall follow the process outlined within this document
 * Valid exploits can be eligible even if they are not successfully executed on the cluster