<aside> 🔗 Bug Bounty Program．Reported Bugs．GitHub．Wiki．Homepage
This is the details page of risk scoring and reward calculation for The Space Bug Bounty Program.
If you have a question for us, please email us at email@example.com.
On The Space Bug Bounty Program, we described that our approach to risk scoring is following OWASP Risk Rating Model based on “Impact” and “Likelihood”.
Every factor will be scored at 1-3 and average score as overall risk score.
|Threat Agent Factors|
|Skill Level||How technically skilled is this group of threat agents?|
|Motive||How motivated is this group of threat agents to find and exploit this vulnerability?|
|Opportunity||What resources and opportunities are required for this group of threat agents to find and exploit this vulnerability?|
|Size||How large is this group of threat agents?|
| Ease of Exploit | How easy is it for this group of threat agents to actually exploit this vulnerability? | | Awareness | How well known is this vulnerability to this group of threat agents? |
|Technical Impact Factors|
|Loss of Integrity||How much data could be corrupted and how damaged is it?|
|Loss of Availability||How much service could be lost and how vital is it?|
|Loss of Accountability||Are the threat agents’ actions traceable to an individual?|
|Business Impact Factors|
|Financial Damage||How much financial damage will result from an exploit?|
Risk Score =
Impact * Likelihood
|Likelihood \ Impact||Low (1)||Medium (2)||High (3)|
On The Space Bug Bounty Program, we described that rewards are distributed according to the level of overall risk severity and circulating supply at the time of reporting.
|Overall Risk Severity||Risk Score||Reward Amount||Reward in Year 1||Reward in Year 4|
|Critical||7 to ≤9||Up to 0.5% of $SPACE circulating supply||Up to 1,953,000 $SPACE||Up to 5,000,000 $SPACE|
|High||5 to <7||Up to 0.1% of $SPACE circulating supply||Up to 390,600 $SPACE||Up to 1,000,000 $SPACE|
|Medium||3 to <5||Up to 0.05% of $SPACE circulating supply||Up to 195,300 $SPACE||Up to 500,000 $SPACE|
|Low||1 to <3||0.01% of $SPACE circulating supply||39,600 $SPACE||100,000 $SPACE|
Reward Amount =
Risk Score / Upper Risk Score of Current Level * Upper Reward Amount of Current Level
For instance, risk score of #1 is 4, then the reward amount is
4 / 5 * 195,300 = 156,240.
<aside> ⭐ Stay tuned and find us on Twitter and Discord!