Bug Bounty process

How it works

  • You register your account (or the HackenProof team registers it for you), draft the program rules and rewards, and specify the targets for hackers (our team can lead this process as well)
  • As soon as everything is agreed with the HackenProof team, the program goes live. HackenProof then makes social media announcements and handles other promotion activities
  • Researchers will start submitting vulnerability reports
  • As soon as you receive a report, you (or the HackenProof team) need to review it in accordance with the specified program SLA
  • If the reviewed report is valid, you pay the researcher through the HackenProof platform

Before the Bug Bounty

During the Bug Bounty

  • Please don't break the rules. If you don't follow the Program SLA, we will delist you from the HackenProof platform
  • The final decision on the severity level and the bounty always rests with the client, but please don't try to downgrade the hacker's reward or hide the real severity of the report. If you don't follow the rules, we will delist you from the HackenProof platform
  • If you triage reports yourself, we may still ask you to let us review some reports if researchers have notified us of a reduced reward or severity
  • Please avoid discussing any issues submitted by researchers in an open channel

After the Bug Bounty

  • If you decide to stop running the program for an indefinite period, you can ask our team to delete your account or freeze it for an unlimited time (we store your data in accordance with our official policy).