Will the incentive for new vulnerability discoveries, the award, or the amount of tokens to be gained, be consistent with the complexity of the vulnerability encountered?
The amount of tokens Secure Planet awards to contributors will vary depending on each individual case.
Two major factors will determine the amount of awarded tokens. They are as follows:
- Popularity of the open source software containing the vulnerability - the higher the usage and/or adoption rate of the open source project, the higher the token amount
- Vulnerability severity ranking - the more critical the vulnerability, the higher the token amount
The code being opened, whoever finds bugs or some vulnerability in the code, the reward will also be high? For example, I find a vulnerability in popular open source software developed by Secure, so the award will be high?