
Define a bug bounty program

Open filfreire opened this issue 5 years ago • 6 comments

@yegor256, similar to what one finds companies doing on https://www.hackerone.com/, I suggest we define a bug bounty program for both Zold and the web wallets projects.

Here's more detail of what could be done:

  • Define a document (or add to an existing one, like the README) clearly stating the rules (and template) for reporting a security vulnerability (Disclosure, Eligibility, Exclusions, ...);
  • Define the value (in $ or ZLD currency) for the reward levels for each type of eligible vulnerability;
  • Describe how rewards are processed and transferred to the vulnerability reporter;
  • Suggestion: set this up on a platform already specialised for the matter (like https://hackerone.com);

Regarding the types of vulnerabilities applicable for a bug bounty program, here are a few noteworthy examples of policies:

  • https://hackerone.com/rockstargames
  • https://hackerone.com/gitlab

filfreire avatar Mar 06 '19 21:03 filfreire

@yegor256/z please, pay attention to this issue

0crat avatar Mar 06 '19 21:03 0crat

@filfreire/z this project will fix the problem faster if you donate a few dollars to it; just click here and pay via Stripe, it's very fast, convenient and appreciated; thanks a lot!

0crat avatar Mar 06 '19 21:03 0crat

The job #722 assigned to @yegor256/z, here is why; the budget is 30 minutes, see §4; please, read §8 and §9; if the task is not clear, read this and this; there will be no monetary reward for this job

0crat avatar May 05 '19 17:05 0crat

Manual assignment of issues is discouraged, see §19: -5 point(s) just awarded to @yegor256/z

0crat avatar May 05 '19 17:05 0crat

Bug was reported, see §29: +15 point(s) just awarded to @filfreire/z

0crat avatar May 05 '19 17:05 0crat

@yegor256/z I see that you unassigned this issue; the order is still assigned to @yegor256/z though; to cancel the order use refuse, as in §6

0crat avatar Sep 10 '22 04:09 0crat