Bug Bounty process
How it works
You register your account (or the HackenProof team registers it for you), draft the program rules and rewards, and specify targets for hackers (or our team can lead this process as well).
As soon as everything is agreed with the HackenProof team, the program goes live. HackenProof then makes social media announcements and runs the other processes around the promotion.
Researchers will start submitting vulnerability reports
As soon as you receive a report, you (or the HackenProof team) need to review it in accordance with the specified program SLA.
If the reviewed report is valid, you pay the researcher through the HackenProof platform.
Before the Bug Bounty
You are welcome to book a call or write to us on Telegram to get answers to any questions you might have.
During the Bug Bounty
Please don't break the rules. If you don't follow the program SLA, we will delist you from the HackenProof platform.
The final decision on the severity level and the bounty always rests with the client, but please don't try to downgrade the hacker's reward or hide the real severity of the report. If you don't follow the rules, we will delist you from the HackenProof platform.
If you triage reports yourself, we may still ask you to allow us to review some reports if researchers have notified us of a reduced reward or severity.
Please avoid discussing any issues submitted by researchers in an open channel
After the Bug Bounty
If you decide to stop running the program for an indefinite period, you can ask our team to delete your account or simply freeze it for an unlimited time (we store your data in accordance with our official policy).