Submit bug report: https://www.ruby-lang.orgA Programmer's Best Friend
This bounty program is for security issues in the Ruby programming language, neither websites (including *.ruby-lang.org) nor third party applications. Please submit issues that are regarding the Ruby programming language. You may also submit website issues, but in principle, they are outside the scope of the bounty program.
Documentation on Ruby can be found here.
Internet Bug Bounty Qualification
The Internet Bug Bounty awards security research on Ruby. If your vulnerability meets the eligibility criteria, you can submit the post-fix information to the IBB for payout. As the IBB supports the whole vulnerability lifecycle, these bounty awards are awarded as an 80/20 split, where 80% will go to you, the finder, and 20% will be given to Ruby to continue to support the vulnerability remediation efforts.
The project maintainers have final decision on which issues constitute security vulnerabilities. The IBB team will respect their decision, and we ask that you do as well.
Safe Harbor
Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
