This is the details page of risk scoring and reward calculation for
The Space Bug Bounty Program.
If you have a question for us, please email us at security@thespace.game.
Factors for Risk Scoring
On
The Space Bug Bounty Program, we described that our approach to risk scoring is following OWASP Risk Rating Model based on “Impact” and “Likelihood”.
Every factor will be scored at 1-3 and average score as overall risk score.
Likelihood
Factors | Description |
Threat Agent Factors | ㅤ |
Skill Level | How technically skilled is this group of threat agents? |
Motive | How motivated is this group of threat agents to find and exploit this vulnerability? |
Opportunity | What resources and opportunities are required for this group of threat agents to find and exploit this vulnerability? |
Size | How large is this group of threat agents? |
Vulnerability Factors | ㅤ |
Ease of Discovery | How easy is it for this group of threat agents to discover this vulnerability? |
Ease of Exploit | How easy is it for this group of threat agents to actually exploit this vulnerability? |
Awareness | How well known is this vulnerability to this group of threat agents? |
Impact
Factors | Description |
Technical Impact Factors | ㅤ |
Loss of Integrity | How much data could be corrupted and how damaged is it? |
Loss of Availability | How much service could be lost and how vital is it? |
Loss of Accountability | Are the threat agents’ actions traceable to an individual? |
Business Impact Factors | ㅤ |
Financial Damage | How much financial damage will result from an exploit? |
Risk Score =
Impact * LikelihoodLikelihood \ Impact | Low (1) | Medium (2) | High (3) |
Low (1) | 1 | 2 | 3 |
Medium (2) | 2 | 4 | 6 |
High (3) | 3 | 6 | 9 |
Reward Calculation
On
The Space Bug Bounty Program, we described that rewards are distributed according to the level of overall risk severity and circulating supply at the time of reporting.
Overall Risk Severity | Risk Score | Reward Amount | Reward in Year 1 | Reward in Year 4 |
Critical | 7 to ≤9 | Up to 0.5% of $SPACE circulating supply | Up to 1,953,000 $SPACE | Up to 5,000,000 $SPACE |
High | 5 to <7 | Up to 0.1% of $SPACE circulating supply | Up to 390,600 $SPACE | Up to 1,000,000 $SPACE |
Medium | 3 to <5 | Up to 0.05% of $SPACE circulating supply | Up to 195,300 $SPACE | Up to 500,000 $SPACE |
Low | 1 to <3 | 0.01% of $SPACE circulating supply | 39,600 $SPACE | 100,000 $SPACE |
Reward Amount =
Risk Score / Upper Risk Score of Current Level * Upper Reward Amount of Current LevelFor instance, risk score of #1 is 4, then the reward amount is
4 / 5 * 195,300 = 156,240.