6:["$","main",null,{"className":"container mx-auto w-4/5 font-work-sans","children":["$","section",null,{"className":"px-4 py-8","children":["$","div",null,{"className":"mx-auto max-w-3xl","children":[["$","h2",null,{"id":"faqtestid","className":"mb-6 text-center font-industry text-4xl","children":"FAQ"}],[["$","$Ld","why-are-you-doing-this.md",{"file":{"title":"Why are you doing this?","content":"

We believe open-source is a public good, and it's our responsibility to enhance security across critical projects. In AI/ML, this commitment is crucial due to its widespread integration. Our dedication to collaborative efforts aims to shape the future of innovation and safeguard its benefits for all.

"}}],["$","$Ld","who-are-you.md",{"file":{"title":"Who are you?","content":"

At Protect AI, we stand with the hacker community, embracing their expertise in uncovering AI/ML vulnerabilities. They are invaluable partners in our mission to ensure robust and secure systems.

"}}],["$","$Ld","where-do-i-report-bugs-or-features.md",{"file":{"title":"Where do I report bugs or feature requests?","content":"

We believe that the best ideas can come from anyone, anywhere. If you find any bugs, or feature requests that you think are worth addressing, please contact us.

"}}],["$","$Ld","where-can-find-your-privacy-policy.md",{"file":{"title":"Where can I find your Privacy Policy?","content":"

Our Privacy Policy is located here.

"}}],["$","$Ld","where-can-I-report-new-vulnerabilities.md",{"file":{"title":"Where can I report new vulnerabilities?","content":"

You can submit a vulnerability disclosure by using our new disclosure form.

"}}],["$","$Ld","where-can-I-find-previously-verified-submissions.md",{"file":{"title":"Where can I see previously verified submissions?","content":"

View our hacktivity page to see advisories that have been verified by open source maintainers.

"}}],["$","$Ld","what-is-the-best-way-to-contact-maintainers.md",{"file":{"title":"What is the best way to contact a maintainer?","content":"

Use our advisory chat feature. Once a maintainer has signed up to the platform, they will be notified of all new chat interactions on the specific advisory.

"}}],["$","$Ld","what-is-in-scope.md",{"file":{"title":"What is in scope?","content":"

We gladly welcome vulnerabilities in almost all AI/ML public repositories on GitHub. To ensure a smooth hunting experience, we kindly request you to familiarize yourself with our guidelines before embarking on your search. Head over to our bounties page to kickstart your exhilarating vulnerability hunting journey.

For detailed instructions on submitting vulnerabilities related to Protect AI and its assets, we encourage you to review our vulnerability disclosure policy. Your collaboration in upholding security standards is truly appreciated.

"}}],["$","$Ld","what-are-your-plans-for-the-near-future.md",{"file":{"title":"What are your plans in the near future?","content":"

We advocate open-source and learn from security researchers, maintainers, and developers. AI/ML plays a key role in shaping open source security. Together, we can conquer this challenge.

Is there something you are not happy with? Get in touch or join our Discord - we want to hear from you!

"}}],["$","$Ld","unresponsive-maintainer.md",{"file":{"title":"What are the implications when the maintainer is unresponsive?","content":"

If the maintainer doesn't respond within 45 days and the CVSS score is >7.0, it will go into our manual review. For CVSS <7.0 and no response or reasonable timeframe from the maintainer, we may opt to disclose vulnerabilities as early as 45 days following our initial contact attempt, regardless of the availability of a patch or update.

"}}],["$","$Ld","how-is-the-bounty-calculated.md",{"file":{"title":"How is the bounty reward calculated?","content":"

We have created an industry-first equation to understand the popularity, impact and value of repositories to the open source community. We use this accordingly to set bounty rewards for repositories.

The bounty reward for fixing a vulnerability, is calculated as a percentage of the repositories bounty value.

Want to know how much you can earn for finding a vulnerability in a repository? Check out our bounties page.

"}}],["$","$Ld","how-do-you-assign-cves.md",{"file":{"title":"How do you assign CVEs?","content":"

We are a CNA (CVE Numbering Authority). This gives us the ability to assign CVE IDs against reports disclosed to us.

"}}],["$","$Ld","how-do-i-get-in-contact-with-you.md",{"file":{"title":"How can I get in touch?","content":"

Use the live chat on the site, contact us or join our Discord community !

"}}],["$","$Ld","how-do-i-get-a-cve.md",{"file":{"title":"How do I get a CVE for my verified advisory?","content":"

Once the maintainer has verified your disclosure, we will begin the CVE assignment process on your behalf. You do not have to do anything.

"}}],["$","$Ld","how-do-i-fund-a-project.md",{"file":{"title":"How do I fund a project?","content":"

If you would like to fund the security research for a project, please get in touch.

"}}],["$","$Ld","how-do-i-change-the-details.md",{"file":{"title":"Can I edit the details of a report?","content":"

If you are the discloser, you can edit the content of the details section through the advisory page.

If you are a maintainer, you can adjust the severity of the report and suggest other changes using the comments section.

"}}],["$","$Ld","how-do-I-know-if-my-fix-has-been-accepted.md",{"file":{"title":"How do I know if my disclosure or fix has been rewarded?","content":"

It is up to the maintainer of the repository to decide whether or not a disclosure or fix is valid. Once the maintainer validates or confirms a fix, you will be notified by e-mail.

"}}],["$","$Ld","how-do-I-cash-out.md",{"file":{"title":"How do I cash out my rewards/bounties?","content":"

We pay bounties each month, typically on the 25th, via Stripe Connect. For the first month that you are due a payment, you will receive an email requesting you to create a Stripe Connect account. There you will need to provide your identity and payment information so that your account can be verified. Once your account is verified, you will receive an email confirming the details of your payout. In subsequent months, you will only receive an email confirming the details of your payout.

Stripe Connect supports payouts to most countries. You can see the full list of supported countries here. If your country is not in this list, we will not be able to process a payout to you, but instead can offer to donate your payout to charity.

"}}],["$","$Ld","do-you-support-custom-security-process.md",{"file":{"title":"Do you support custom security policies?","content":"

We understand that different repositories have their own security policies and processes in place. If you have a valid e-mail address in your repository SECURITY.md, we will reach out with any disclosures to this address.

If you have any questions or personal requirements, and still want to receive disclosures through our platform, we would love to hear from you.

"}}],["$","$Ld","are-all-reports-public-or-private.md",{"file":{"title":"Are reports public or private by default?","content":"

Currently, all new reports that we receive go through a co-ordinated disclosure process. This means that the advisory page is only visible to the reporter and maintainers of the vulnerable repository.

"}}]]]}]}]}]