Update: I’ve updated this post with new rules and more clarification of the rules. Old rules are
struck out, with the additions in italics. Rules that stay the same are unaffected. Please see this post for a complete update on how the exploit reporting feature is working out.
We take exploits very seriously and to prove it, we’ve added an Exploit category to the in-world bug reporter in Wednesday’s (August 2, 2006) release. When you are pretty sure the bug you have encountered is an exploit just report the bug normally in the viewer (Help > Report Bug) and choose the category Exploit to have such bugs shuffled up in the priority queue and brought to our immediate attention. How immediate? It’ll go to my email, which happens to go to my phone! You should get a response quickly, even during non-business hours.*
To further prove our dedication to exploit exorcism, we’re offering a limited-time exploit bounty of L$ 10,000 to the resident who first reports an exploit via the inworld bug reporter and tags it as an exploit.
At least one of the following criteria must be met to get the loot:
- The bug allows unauthorized access to scripts or other assets
- The bug allows unauthorized copying, transferring or modifying of object that you do not have the rights to (permissions bugs)
- The bug allows others to remove, return, destroy or alter inworld content they do not own nor have modify rights to (either by a group or a friendship modify grant)
- The bug can be used to steal or create Linden Dollars (L$).
- The bug could potentially cause a compromise of the grid
or resident privacy
In addition all of the following must be met:
- The reproduction case must be clear and immediately reproducible. You must provide steps I can follow at o’dark hundred in the morning, SLT. Blank bugs will be deleted, cursed and and may get your avatar reverted to Ruth at my discretion.
- You must not post the exploit to the forums, distribute notecards with the repro case or otherwise publicize the exploit.
- You must not use the exploit for personal gain.
- Only the first resident to report a specific exploit with a clear and reproducible reproduction case will receive the bounty.
This offer is valid from August 2, 2006 until September 30, 2006**.
One bounty per resident, not one bounty per exploit. In the case that multiple residents report the same exploit the first one who reported it with a clear and reproducible repro will get the green. Please note that this is not a hotline to Linden. It should not be abused or used for anything other than exploits. These reports will wake me up in the middle of the night, causing me to get out of bed, trip over my laptop, curse the person who woke me up and start repro’ing your bug — all without coffee, contact lenses or daylight! Bug reports that are clearly not exploit reports will not only be ignored*** but could also get you added to a no-email list. Abuse of the system could also garner abuse team action (harassing Lindens in the middle of the night counts as abuse). Please keep this in mind when you try to slip a regular old run-of-the-mill bug under the radar!
We hope this helps prove our commitment to stopping exploits. We ask in return that you do not post exploits to the forums, Linden blogs or talk about them inworld.
*Actual developer response time and fix deployment will vary.
** Please see this post for clarification as to what an exploit is and is not.
*** Crying wolf will get you removed from my holiday card list, your bug will be deleted and you will be asked to enter the bug again using the conventional options.