Your cart is empty!
Live a little, go shopping!
|Card||Total in Cart||You Pay / You Save|
If you believe you have found a vulnerability on our site please read below before reporting.
Each submission should be send separately with attached proof of concept to: firstname.lastname@example.org.
All submissions and contact must be sent to the appropriate submission email. All other communication will be disregarded unless an individual specifically reaches out to you. Please do not ask for updates our your submissions, we will post them to your submission as quickly as we can.
In order to have a submission be honored, please follow the submission policy and the responsible disclosure policy. We will try to investigate all legitimate submissions and quickly remediate the vulnerability.
Rewards will only be awarded to the first person who submitted the vulnerability, duplicates will not be awarded a reward.
Rewards will range from your name on our acknowledgements page to a monetary reward.
In the event your submission is deemed valid for reward, we may do a partial reward when the vulnerability is first verified and then an additional reward once the vulnerability has been fixed. The format and timing of all bounty rewards shall be determined in our sole discretion.
If you comply with the policies below when reporting a security issue on our site, we will honor your submission if deemed valid and non-duplicate:
The scope of this program is limited to technical vulnerabilities in our browser extensions, mobile, and web applications. If you are unsure whether a service or a finding is eligible for a bounty or not, feel free to ask us at email@example.com. Below are some specific examples of eligible and ineligible submissions to help guide your research.
Any design or implementation issue that substantially affects the confidentiality or integrity of user data is likely to be in scope for the program. The program covers any exploitable vulnerability that can compromise the integrity of our user data, crash applications (leading to compromise of data) or disclose sensitive information. Common examples include but are not limited to:
Out of concern for the availability of our services to all users, please do not attempt to carry out DoS attacks, leverage black hat SEO techniques, spam people, or do any other questionable things. We also discourage the use of any vulnerability testing tools that automatically generate very significant volumes of traffic.
Final say on a submission falling in the scope of the program is left to our security department.
When submitting a finding, please submit one finding at a time. For each finding please follow below for proper way to submit to our program.
If you are selected as a recipient of a reward, and if you accept, we will need your contact details to process the submission’s reward. This includes: Full name (first and last), address, Paypal account name, email. You can still request not to be listed on our public credits page. There is an acknowledgment page to show who has found vulnerabilities for our program, that page can be seen here.
We are unable to issue rewards to individuals who are on sanctions lists, or who are in countries (e.g. Cuba, Iran, North Korea, Sudan and Syria) on sanctions lists. You are responsible for any tax implications depending on your country of residency and citizenship. There may be additional restrictions on your ability to enter depending upon your local law.
This is not a competition, but rather a discretionary rewards program. You should understand that we can cancel the program at any time and the decision as to whether or not to pay a reward has to be entirely at our discretion.
Your testing must not violate any law, or disrupt or compromise any data that is not your own.