Runbox 7 Feature and Bug Bounty Program

The Runbox 7 project represents an ambitious plan to revolutionize the world of webmail services, and with the Runbox 7 open source launch on https://github.com/runbox/runbox7 we have invited skilled developers to join us in this quest.

Now we are excited to announce a bounty program to accelerate development further. The program is two-fold and introduces bounties for both features and bugs.


Feature bounties

We encourage you to contribute to Runbox 7 with your skill and talent by adding new functionality that all Runbox 7 users can enjoy.

All contributions must include tests and documentation in order to be accepted.

Gold – $1,000 reward

Gold bounties are rewarded for contributing major new features that involve substantial additions to the Runbox 7 code base.

Examples of such features can be found on the Runbox 7 Roadmap and include complete, new screens for Account, Files, or Manager with REST endpoint specifications.

Other examples are significant optimizations of the code that improve performance or substantially restructures or refactors the code base.

Silver – $500 reward

Silver bounties are given for contributions of medium-sized new features or additions of new functionality that improves existing features.

Examples of such features can be found on the Runbox 7 Roadmap and include new screens for sections under Account, Files, or Manager with REST endpoint specifications.

Bronze – $100 reward

Smaller features or functionality that extends or improves existing features.

Examples include those listed on Github as Runbox 7 enhancement issues (urgent and critical).

Iron – $10 reward

Minor features or functionality that extends or improves existing features.

Examples include those listed on Github as Runbox 7 enhancement issues (trivial, low, and medium).

Bug bounties

Integrity and reliability is paramount to our operations and although we take all reasonable precautions to prevent bugs, all open source software benefits from thorough reviews from the community.

Therefore we provide bug bounties with an emphasis on problems that could impact the integrity of our services.

High – $1,000 reward

Reporting severe errors that could lead to elevated privileges, significant data compromise, or service downtime.

To be eligible for this bounty:

  • You must not publicly disclose your finding.
  • You must never exploit any found vulnerability.
  • You must send a detailed explanation with steps to reproduce the bug.
  • You may submit a patch that fixes the issue for a double bounty!

Examples include issues listed on Github as Runbox 7 bug issues (critical).

Medium – $500 reward

Reporting vulnerabilities that provide limited access and that could result in denial of service, manipulation of individual accounts, or temporary problems that affect limited data sets.

To be eligible for this bounty:

  • You must not publicly disclose your finding.
  • You must never exploit any found vulnerability.
  • You must send a detailed explanation with steps to reproduce the bug.
  • You may submit a patch that fixes the issue for a double bounty!

Examples include issues listed on Github as Runbox 7 bug issues (critical).

Low – $100 reward

Vulnerabilities that have a low impact on our operations or that require significant knowledge about our systems.

Examples include issues listed on Github as Runbox 7 bug issues (urgent).

Trivial – $10 reward

Minor bugs that are annoyances rather than vulnerabilities, and that don’t affect the integrity or reliability of our services.

Examples include those listed on Github as Runbox 7 bug issues (trivial, low, and medium).

How to get started

To get started with our bounty program, have a look at our Runbox 7 GitHub repository at https://github.com/runbox/runbox7.

We are marking issues that are suitable for new contributors with “good first issue“.

Then review our contribution guidelines and follow the instructions there: https://github.com/runbox/runbox7/blob/master/CONTRIBUTING.md


Continue Reading →