The "Ledger Bounty Program Reward Agreement" appears to have a clause that may allow Ledger to prevent a researcher from publishing their own report.
>"You have complied and will continue to comply with the responsible disclosure process described in the Ledger Bounty Program which includes your agreement (a) not to disclose the security related bug to anyone without Ledger’s prior written consent," - [0]
I'm not a lawyer so I could be reading this wrong or maybe they never intended to enforce that clause.
[0]: Ledger Bounty Program Reward Agreement https://www.ledger.fr/wp-content/uploads/2018/03/Ledger-Boun...