From d44a6c38c27e6df63a0477145f93dcb1097d01e9 Mon Sep 17 00:00:00 2001 From: pandaninjas <101084582+pandaninjas@users.noreply.github.com> Date: Sun, 25 Dec 2022 16:31:17 +0000 Subject: Update SECURITY.md --- SECURITY.md | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index da25fbf..d9d5e6d 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -10,17 +10,13 @@ Currently all versions are supported. ## Reporting a Vulnerability -Use this section to tell people how to report a vulnerability. - -Tell them where to go, how often they can expect to get an update on a -reported vulnerability, what to expect if the vulnerability is accepted or -declined, etc. - -A vulnerability is currently defined as being able to get the session ID with only a mod that gets loaded after NoSession loads its tweaker. -A non-comprehensive list of out of scope vulnerabilities: -- Stealing information from launcher files -- Using the OS level args methods +A vulnerability is currently defined as being able to get the session ID with only a mod that gets loaded after NoSession loads its tweaker.
+Vulnerabilities that are out of scope are defined as those that NoSession itself cannot prevent. However, if you can produce a patch for an out of scope vulnerability, a bug bounty will be awarded as well. The bug bounty is a $5 USD Amazon Gift Card. I might run out, so it's awarded on a first come, first serve basis. + +Report the bug bounty by emailing admin@malwarefight.gq or by sending a DM to PandaNinjas#3017 on Discord.
+If you would like, you can encrypt the message with my [public GPG key](https://raw.githubusercontent.com/pandaninjas/pandaninjas/main/pandaninjas-publickey.key)
+Your bug bounty may be invalidated if you disclose it to the public before. -- cgit
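Review bot: The last added line, "Your bug bounty may be invalidated if you disclose it to the public before.", stops without saying before what, so a reporter cannot tell when public disclosure is allowed. Finish the condition (for example "before a fix is released"), and state how soon a reporter should expect a reply, which the deleted template text asked for and the new text still does not cover. In the same hunk, "Report the bug bounty by emailing" should read "Report the vulnerability by emailing". The rewrite also drops the two concrete out-of-scope examples (stealing information from launcher files, using the OS level args methods) in favour of "those that NoSession itself cannot prevent"; keeping them as examples under the new definition would make the scope easier for a reporter to judge. The GPG key is linked as a raw file on the main branch, so printing the key's fingerprint in SECURITY.md next to the link would let reporters confirm they fetched the intended key before encrypting.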