HACK SIV Scoring

	B	C	D	E	F	G	H	I	J
1	#	Author	Title	Link	SIV Allocation	Public Allocation	Total	Diff	Relative Diff

2	2	cjackett	Weak RNG in Auth Token Generation	https://github.com/siv-org/siv/issues/178	$634.92	$498.44	$1,133.36	-$136.48	24%
3	4	mspecter	"I will pay $1 for your vote"	https://github.com/siv-org/siv/issues/181	$113.38	$744.29	$857.67	$630.91	147%
4	42	aaspring	2nd Device Malware Verification Check could be fooled by rerouting the QR code to another malicious site	https://github.com/siv-org/siv/issues/231	$566.89	$284.93	$851.82	-$281.96	66%
5	31	anon-person404	The Frontend & Backend is Open to Supply Chain Attacks	https://github.com/siv-org/siv/issues/204	$340.14	$285.78	$625.92	-$54.36	17%
6	11	mspecter	SIV webapp could maliciously steal Observer's private key	https://github.com/siv-org/siv/issues/197	$272.11	$164.29	$436.40	-$107.82	49%
7	18	mspecter	Risks associated with Firebase dependency	https://github.com/siv-org/siv/issues/197	$340.14	$91.45	$431.59	-$248.69	115%
8	16	mspecter	Unclear defense against malicious clients	https://github.com/siv-org/siv/issues/197	$226.76	$157.43	$384.19	-$69.33	36%
9	6	anon	risk of border gateway protocol attacks?	https://github.com/siv-org/siv/issues/191	$272.11	$82.88	$354.99	-$189.23	107%
10	33	anon-person404	Chrome Client Compromise & Vote Manipulation	https://github.com/siv-org/siv/issues/221	$68.03	$250.65	$318.68	$182.62	115%
11	25	GABuras	Email disinformation	https://github.com/siv-org/siv/issues/197	$113.38	$187.21	$300.59	$73.83	49%
12	17	mspecter	Vulnerability to email delivery manipulation by Mailgun	https://github.com/siv-org/siv/issues/197	$113.38	$178.60	$291.98	$65.22	45%
13	41	GABuras	Preparing for missing encryption receipts	https://github.com/siv-org/siv/issues/189	$68.03	$218.44	$286.47	$150.41	105%
14	1	cjackett	Lack of Input Validation and Sanitization in Admin Login Endpoint	https://github.com/siv-org/siv/issues/177	$136.05	$145.74	$281.79	$9.69	7%
15	9	mspecter	Lack of formal threat model	https://github.com/siv-org/siv/issues/197	$113.38	$159.31	$272.69	$45.93	34%
16	23	mspecter	Vulnerable to chosen hosting service	https://github.com/siv-org/siv/issues/197	$158.73	$83.60	$242.33	-$75.13	62%
17	40	GABuras	Duplicate Verification Numbers	https://github.com/siv-org/siv/issues/189	$22.68	$197.92	$220.60	$175.24	159%
18	13	mspecter	Too thin docs for voter remediation procedures	https://github.com/siv-org/siv/issues/197	$158.73	$47.27	$206.00	-$111.46	108%
19	15	mspecter	Missing Merkle tree implementation	https://github.com/siv-org/siv/issues/197	$158.73	$27.17	$185.90	-$131.56	142%
20	24	GABuras	Verification went to spam	https://github.com/siv-org/siv/issues/196	$68.03	$107.53	$175.56	$39.50	45%
21	19	mspecter	Security concerns with Google Tag Manager	https://github.com/siv-org/siv/issues/197	$113.38	$60.31	$173.69	-$53.07	61%
22	12	mspecter	Malicious observers could block decryption	https://github.com/siv-org/siv/issues/197	$113.38	$57.86	$171.24	-$55.52	65%
23	22	mspecter	Vulnerability to malicious pushover?	https://github.com/siv-org/siv/issues/197	$113.38	$57.29	$170.67	-$56.09	66%
24	30	cjackett	Shorten JWT Expiration Time for Improved Session Management	https://github.com/siv-org/siv/issues/203	$90.70	$64.42	$155.12	-$26.28	34%
25	29	cjackett	Explicitly Set JWT Signing Algorithm to Ensure Security	https://github.com/siv-org/siv/issues/202	$22.68	$127.58	$150.26	$104.90	140%
26	37	pleasework-sh	Same email can be verified twice	https://github.com/siv-org/siv/issues/189	$68.03	$72.86	$140.89	$4.83	7%
27	14	mspecter	Risk of false claims of ballot discrepancies	https://github.com/siv-org/siv/issues/197	$113.38	$9.57	$122.95	-$103.81	169%
28	34	pmeyerson	Voter Extortion	https://github.com/siv-org/siv/issues/223	$90.70	$32.14	$122.84	-$58.56	95%
29	7	cjackett	Unrestricted CORS Policy Vulnerability	https://github.com/siv-org/siv/issues/193	$22.68	$88.57	$111.25	$65.89	118%
30	32	cjackett	Potential Denial of Service (DoS) Vulnerability Due to High Volume of Requests	https://github.com/siv-org/siv/issues/205	$0.00	$107.29	$107.29	$107.29	200%
31	26	Automatic476	No Security.md file for tracking versions within the repo	https://github.com/siv-org/siv/issues/198	$45.35	$60.17	$105.52	$14.82	28%
32	5	mspecter	docs: coercion resistance !== receipt-freeness	https://github.com/siv-org/siv/issues/190	$45.35	$60.00	$105.35	$14.65	28%
33	27	Automatic476	Vulnerabilites Found Based on Questions	https://github.com/siv-org/siv/issues/199	$68.03	$32.86	$100.89	-$35.17	70%
34	39	pleasework-sh	Votes can be submitted with the same ciphertexts	https://github.com/siv-org/siv/issues/189	$22.68	$67.14	$89.82	$44.46	99%
35	28	cjackett	Avoid Logging JWT Contents to Prevent Sensitive Data Exposure	https://github.com/siv-org/siv/issues/201	$22.68	$57.14	$79.82	$34.46	86%
36	10	mspecter	Unclear role and security of observers	https://github.com/siv-org/siv/issues/197	$45.35	$8.17	$53.52	-$37.18	139%
37	8	cjackett	Move Sensitive Environment Variables to a Secret Management Service	https://github.com/siv-org/siv/issues/194	$0.00	$52.14	$52.14	$52.14	200%
38	20	mspecter	Pusher as a single point of failure for observer communication	https://github.com/siv-org/siv/issues/197	$22.68	$24.57	$47.25	$1.89	8%
39	21	mspecter	Vulnerability to malicious supabase?	https://github.com/siv-org/siv/issues/197	$22.68	$18.14	$40.82	-$4.54	22%
40	38	worldpeaceworker	lack of did support and human verification system	https://github.com/siv-org/siv/issues/189	$11.34	$2.57	$13.91	-$8.77	126%
41	36	pleasework-sh	Users may mistype email address for verification	https://github.com/siv-org/siv/issues/189	$0.00	$11.43	$11.43	$11.43	200%
42	35	pmeyerson	System Integrity Proof?	https://github.com/siv-org/siv/issues/224	$0.00	$7.57	$7.57	$7.57	200%
43	3	phish	Proposed custom-verification-text eases(?) vote selling	https://github.com/siv-org/siv/issues/115#issuecomment-2273475134	$0.00	$7.29	$7.29	$7.29	200%
44