MariaDB on HackerOne

We are pleased to announce the launch of our public bug bounty program on the HackerOne platform:

https://hackerone.com/mariadb

The aim of this program is twofold:

  1. Review the vulnerability submission channels, guidelines and policy for responsible disclosure, as well as the asset identification and vulnerability handling processes on our side.
  2. Encourage researchers to look for vulnerabilities in MariaDB code and have a way to incentivize reporting in accordance with the responsible disclosure model.

Goal no. 1 resulted in changes to our general vulnerability classification process described at mariadb.org/about/security-policy/. We now have two kinds of vulnerabilities, Critical and Medium severity, as well as a policy that should act as a guideline for both the reporter and our team to ensure proper vulnerability management. …