@fxamacker fxamacker commented Jan 22, 2026

This PR adds a "Flow Rewards" section to SECURITY.md with some text paraphrased from some of @j1010001's ideas today, which might reduce security-related noise while still encouraging valid security reports.

Thanks @j1010001! 👍

Caveats

  • If we make the text too strict, we may risk discouraging valid security reports.
  • If we make the text too relaxed, we may spend more time reviewing and disqualifying invalid security reports.

  • Targeted PR against main branch
  • Linked to GitHub issue with discussion and accepted design OR link to spec that describes this work
  • Code follows the standards mentioned here
  • Updated relevant documentation
  • Re-reviewed Files changed in the GitHub PR explorer
  • Added appropriate labels

This commit adds a "Flow Rewards" section to SECURITY.md with some text (paraphrased from Jan's ideas) that might reduce security-related noise while still encouraging valid security reports.
@fxamacker fxamacker requested a review from j1010001 January 22, 2026 01:59
@fxamacker fxamacker requested a review from turbolent as a code owner January 22, 2026 01:59
@fxamacker fxamacker added the documentation Improvements or additions to documentation label Jan 22, 2026
The first paragraph under the "Flow Rewards" section is moved to the vulnerability disclosure program by Jan, so we don't have to keep that requirement in this document.

This commit replaces the specific requirement with the more general statement:

"Security reports that follow the guidelines and meet other conditions of the vulnerability disclosure program might qualify for Flow Protocol Rewards."