Hacker Terms and Conditions
At Bugbounter, trust is our #1 value and we take the protection of our customers’ and researchers’ data very seriously.
1-You ARE welcome!
The Bugbounter team acknowledges the valuable role that independent security researchers play in internet security. As a result, we encourage responsible reporting of any vulnerabilities that may be found in our customers’ site, applications and/or devices.
Bugbounter is committed to working with security researchers and white hat hackers to report and verify any potential vulnerabilities that are reported through the platform.
2-You ARE safe with us!
Bugbounter pledges not to initiate legal action against YOU (vulnerability security researchers & white hat hackers) as with good will for penetrating or attempting to penetrate our customers’ systems as published at the bounties if you adhere to this policy.
If you follow our guidelines neither our customers & their third-parties nor Bugbounter will pursue or support any legal action related to your research.
3-You ARE expected to play the game by the rules!
While we encourage you to discover and report to us any vulnerabilities you find in a responsible manner, the following conduct is expressly prohibited:
- Performing actions that may negatively affect customers’ or its users’ operation (e.g. Spam, Brute Force, Denial of Service…)
- Copying, saving, transferring, storing data or information that does not belong to you
- Leaving a backdoor after you’ve proved your penetration
- Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you (without explicit permission of the owner)
- Conducting any kind of physical or electronic attack on customers’ personnel, property or data centers
- Social engineering any customer’s service desk, employee or contractor
- Conduct vulnerability testing & attacks to out-of-scope resources
- Negotiating the payout amount under threat of withholding the vulnerability or threat of releasing the vulnerability or any exposed data to the public
- Posting the vulnerability information or customer data to the Dark Web where there’s a thriving market for data and remote access
- Publicly expose the flaw to embarrass a company, allowing other hackers to exploit the information
- Violating any laws or breaching any agreements in order to discover vulnerabilities
4-You CAN make a mistake inadvertently!
Please be respectful of your testing applications. Only extract the bare minimum of data needed to prove your point. Contact us immediately if you inadvertently encounter user data. Immediately purge any local information upon resolution of your vulnerability report and receiving your reward.
5-Please BE patient!
We ask you not to share or publicize your verified vulnerability with/to third parties with impatience. Before making any information about it public please give our customers a reasonable time to respond to your submitted issue:
- Until it is fixed or,
- Until a timeframe after first submission (defined by Customer) or,
- Until after giving the organization X days of notice (defined by Researcher) or,
- Until a mutually agreed deadline