Overview
For the most part, our bounties and security priorities follow the most recent release of Bugcrowd's VRT. If you're unfamiliar with this, see these links:
Disputes over categories, priorities, and rewards will be settled as outlined in bullets four and five of
our pirate code.
Current Categories & Rewards
P6 - 1,000 Confection API credits
These are nice-to have, non-urgent dev tasks, enhancements, and fixes. They generally take +/- 1 day to complete. Examples include UI tweaks, branding adjustments, minor polishes to existing frameworks, architectures, &c.
P5 - $100
Important, but not critical, dev tasks, enhancements, and fixes. They generally take +/- 1 week to complete. Examples include user guides, testing, moderate polishes to existing frameworks, architectures, &c.
P4 - $500
Important dev tasks, enhancements, and fixes. They generally take +/- 2 weeks to complete. Examples include new integrations, new or enhanced product features, major adjustments to existing frameworks, architectures, &c.
P3 - $1,000
Critical, but not urgent, value-adding dev tasks, enhancements, and fixes. They generally take +/- 4 weeks to complete. Examples include novel builds, enhancements, and features and moderate additions to existing frameworks, architectures, &c.
P2 - $2,500
Urgent, important, value-adding dev tasks, enhancements, and fixes. They generally take +/- 6 weeks to complete. Examples include major additions to to existing frameworks, architectures, &c. and moderate new product directions and offerings.
P1 - $3,500
Mission-critical dev tasks, enhancements, and fixes. They generally take +/- 8 weeks to complete. Examples include discovering ways Confection can be blocked on the server or client side and urgent, important security fixes.
