<aside> 🔗 Bug Bounty ProgramReported BugsGitHubWikiHomepage

</aside>

This is the details page of risk scoring and reward calculation for The Space Bug Bounty Program.

If you have a question for us, please email us at security@thespace.game.

Factors for Risk Scoring

On The Space Bug Bounty Program, we described that our approach to risk scoring is following OWASP Risk Rating Model based on “Impact” and “Likelihood”.

Every factor will be scored at 1-3 and average score as overall risk score.

Likelihood

Factors Description
Threat Agent Factors
Skill Level How technically skilled is this group of threat agents?
Motive How motivated is this group of threat agents to find and exploit this vulnerability?
Opportunity What resources and opportunities are required for this group of threat agents to find and exploit this vulnerability?
Size How large is this group of threat agents?
Vulnerability Factors

| Ease of Exploit | How easy is it for this group of threat agents to actually exploit this vulnerability? | | Awareness | How well known is this vulnerability to this group of threat agents? |

Impact

Factors Description
Technical Impact Factors
Loss of Integrity How much data could be corrupted and how damaged is it?
Loss of Availability How much service could be lost and how vital is it?
Loss of Accountability Are the threat agents’ actions traceable to an individual?
Business Impact Factors
Financial Damage How much financial damage will result from an exploit?

Risk Score = Impact * Likelihood

Likelihood \ Impact Low (1) Medium (2) High (3)
Low (1) 1 2 3
Medium (2) 2 4 6
High (3) 3 6 9

Reward Calculation

On The Space Bug Bounty Program, we described that rewards are distributed according to the level of overall risk severity and circulating supply at the time of reporting.

| --- | --- | --- | --- | --- |