
The ESP32 Security Bug Bounty Program (US$500!)

https://esp32.com/viewtopic.php?f=10&t=1572
https://github.com/espressif/esp-idf
https://espressif.com/en/products/hardware/esp32/overview

The ESP32 Security Bug Bounty Program

PROGRAM DESCRIPTION
Espressif is pleased to launch the ESP32 Security Bug Bounty Program with immediate effect from Mar. 30th, 2017 onwards.
We will offer US$500 to any developer reporting a previously unknown security-related bug in our latest ESP-IDF. $1729 more for proof of concept!

WHAT CONSTITUTES AN ELIGIBLE BUG REPORT?
In the following links you can find more details about our ESP-IDF Programming Guide, particularly about Security Function, Flash Encryption and Secure Boot. Bugs irrelevant to security are not included in the Bug Bounty Program.
Also, developers should focus only on the latest version of our ESP-IDF.

If multiple developers happen to report the same bug, the award will be given to the first one who files a bug report.

HOW DO I REPORT A BUG?
Fill in the attached form and send it to bugbounty@espressif.com. Full details about the bug are required, including bug name, bug description, the ESP-IDF version in which it was found, relevant hardware information, test steps, reference codes, log output, and any other information deemed necessary for identifying and verifying the reported bug.

ESP32 BUG REPORT TEMPLATE.docx

We cannot accept responsibility for reports not properly sent. Incomplete or false reports will not be accepted. We may ask for clarifications if needed.

I’VE REPORTED A BUG, NOW WHAT?
  1. You will receive an email acknowledging the receipt of your bug report.
  2. Then, our engineers will review your report and validate its eligibility. The duration of the review may vary, depending on the complexity and completeness of your report, as well as the number of bug reports we receive. In any case, you will get an update on the bug, as we shall respond to you personally and fix any confirmed vulnerability before going public.
  3. Upon bug verification, we shall contact you, asking you to provide us with all necessary information that will facilitate your payment for eligible bug reports.

BOUNTY PAYMENTS
In general, we shall make payments via bank transfer. Award recipients are responsible for dealing with any tax implications or local laws, rules and regulations applicable to their country/state/province.

RIGHTS RESERVED
Espressif reserves the right to decide whether the bug report is valid. Decisions made by Espressif are final and binding.

We look forward to your participation!
