Security Bug Bounty Program
At Hunter, the security of our users’ data is a priority. We build our software and infrastructure with this goal in mind. That’s why we decided to welcome help from the outside through our bounty program to put our security to the test!
To take advantage of it, you’ll need to follow a few guidelines:
- Do not disturb the service while you’re trying to find a vulnerability.
- Automated testing is not permitted.
- Respect the Terms of Service.
- Test only with your own data when investigating bugs, and do not interact with other accounts without the consent of their owners.
- If you gain access to our system, report it immediately.
- Do not publish any information regarding the vulnerability until we fixed it.
- Non non-technical attacks such as social engineering or phishing are outside of the scope of the program.
- We only award one bounty per vulnerability. If we receive multiple reports, the first one will receive the reward.
Our reward system is flexible and doesn’t have any strict upper or lower limit. This means particularly creative or severe bugs will be rewarded accordingly. The amount will exclusively depend on the severity of the vulnerability.
Please keep in mind this bounty program doesn’t concern regular bugs in our application, but only security flaws allowing intruders to gain access to data of other users. If you wish to report a regular bug, contact firstname.lastname@example.org.
Rewards will be sent using Paypal once the vulnerability has been fixed. These services collect a fee for processing the transaction, which gets deducted from the amount awarded.
Please email us at email@example.com if you found a security bug. In your message, include the steps to reproduce the breach. We’ll quickly get back to you and keep you updated as we fix the issue reported. Once the patch is online, we’ll pay your bounty.
If you have any question regarding the program, please contact us!
Hall of fame
- Adel Abdelfattah Bayoumi: $150
- Chase Miller: $150
- Prince Rawat: $50
- Maheshkumar Darji and Jigar Thakkar: $1400
- Harry M. Gertos: $150
- Aditya Agrawal: $150
18 Oct 2016