Welcome to SSC project

Bug report of SSC project

SSC project requires members to conduct bug test in the community
Vulnerabilities in SSc projects that affect the normal operation of the project can be submitted to the administrator through telegraph group
SSC only accepts the submission of new vulnerabilities in the specified SSC project list. If you think that the submitted vulnerability component is not in the existing list, but that the vulnerability is important, you are welcome to contact us to add
If you think your 0day has a huge impact and great harm, the vulnerability needs to include the vulnerability target, vulnerability impact version, vulnerability limitation, vulnerability exploitation result, vulnerability demonstration video, etc...
If the vulnerability meets the 1day standard, the vulnerability content must include the vulnerability target, vulnerability affected version, vulnerability limitation, vulnerability exploitation result, vulnerability demonstration video, etc...
The government encourages submission with detailed analysis and clear ideas. For pure copy content, such as content directly copied from exploit dB, which has no editing or needs to be greatly modified by auditors, auditors may directly refuse
SSC vulnerability: find POCS that support any language. If a PoC is submitted, the SSC project will be rewarded additionally according to the audit standard.

About the loophole reward grading system:
Low risk 50-500 sscoin
Medium risk 500-1500 sscoin
High risk 1500-10000 sscoin

Vulnerability coverage:
1. SSC official website
2. SSC POS mining
3. SSC POW mining
4. SSC nodes
5. SSC pledge mining
6. Products launched by all SSC core teams

Reward conditions:
1. Submit the vulnerability target of the response, vulnerability impact version, vulnerability limitation, vulnerability exploitation result, vulnerability demonstration video, etc.
2. The latest version of the target system must be affected
3. Vulnerabilities must endanger the security and integrity of the system itself, and can pose a substantial threat to the target
4. Endangering the security and integrity of the system itself: it refers to the vulnerability that can cause substantial threat to the target, such as Web CMS foreground, unauthorized, including but not limited to SQL injection, unauthorized login, rce, etc. For example, mail XSS vulnerability of mail server. For example, the vulnerability of DNS server includes but is not limited to rce and DDoS.

Due to copyright issues, vulnerability information shall not copy the contents of any public articles in any media, and shall not be adopted once it appears.

Vulnerability risk assessment
Use dream model to evaluate the risk
Dream definition:
D potential loss: if the defect is exploited, how much is the loss?
R reproducibility: how difficult is it to generate repeated attacks?
E availability: how difficult is it to launch an attack?
A affected users: in rough percentage, how many users are affected?
D discoverability: are defects easy to find?
Last:SSC recruits agents from different countries
Next:NULL