From c90b7881a7313a9b36c7069769b5489c3be4f014 Mon Sep 17 00:00:00 2001
From: bcoles <bcoles@gmail.com>
Date: Sat, 16 Jan 2021 23:09:01 +1100
Subject: Website: Bounty: Add rule for user interaction/social engineering
 (#4974)

---
 Meta/Websites/serenityos.org/bounty/index.html | 1 +
 1 file changed, 1 insertion(+)

(limited to 'Meta/Websites')

diff --git a/Meta/Websites/serenityos.org/bounty/index.html b/Meta/Websites/serenityos.org/bounty/index.html
index 3307df6493..2efd65dcde 100644
--- a/Meta/Websites/serenityos.org/bounty/index.html
+++ b/Meta/Websites/serenityos.org/bounty/index.html
@@ -21,6 +21,7 @@
         <li>The PoC exploit needs to work against the master branch at the time of claim.</li>
         <li>Max 5 bounties per person.</li>
         <li>No duplicates. If a bug is already reported, only the earliest reporter may claim the reward. This includes bugs found by continuous fuzzing systems.</li>
+        <li>No rewards for bugs that require unlikely user interaction or social engineering.</li>
         <li>Remote bugs must be exploitable with an unmodified "default setup" of SerenityOS. Bugs in programs that are not started by default don't qualify.</li>
         <li>The PoC exploit needs to work on a QEMU-emulated CPU that supports SMAP, SMEP, UMIP, NX, WP, and TSD natively.</li>
         <li>SerenityOS always runs with assertions enabled, so you'll need to find a way around them.</li>
-- 
cgit v1.2.3