HackenProof Docs
  • Welcome
    • HackenProof
      • Services we provide
      • Our resources
    • Integrations
      • Slack
      • Discord
      • Telegram
      • Zapier (Webhook)
        • Zapier -> Lark
        • Zapier -> Linear
        • Zapier -> Jira Service Management
        • Zapier -> PagerDuty
        • Zapier -> Google Chat
        • Zapier -> ClickUp
      • Jira Software
      • GitHub Issue
      • GitLab Issue
      • VDP iFrame
    • FAQ
      • Audit & Bug Bounty (BB)
      • Crowdsourced Audit & BB
      • Penetration testing & BB
    • Emergency
      • Reset 2FA
    • Code of Conduct
    • Referral Program
  • Bug Bounty
    • Bug Bounty process
    • How to start Bug Bounty
    • How to create a VDP
    • Vulnerability classification
      • Web & Mobile
      • Smart contracts
      • Blockchain protocols
    • Reports Basics
      • Points Guide
      • Crafting a well-readable report
  • Dashboard
    • Company dashboard
      • Manage programs
      • Manage reports
      • Share report
      • Labels
      • E2E report encryption
      • Reports decrypting with Mailvelope
      • Users and roles
      • Program/Report Assignee
      • Replenish your balance
      • Integrations
    • Hacker dashboard
      • 👉How to start
      • Submit a report
      • Reports Basics
      • Vulnerability classification
      • 👮‍♂️KYC
      • Сreate a crypto wallet
      • 💸Withdraw bounty
      • Hacker Leaderboard
      • Reset 2FA
      • 🍕HackenProof community
      • Report ID
      • Private Program
      • Contact support
    • Company-Auditor dashboard
      • How to start
      • Add members
      • Submit report
      • Contact support
  • Crowdsourced audit
    • Audit process
    • How to start Audit
    • Supported tech
    • Vulnerability classification
    • Reports Basics
    • Qualified Auditors
    • Judging / Triaging
      • Targets
      • Team
    • Fee & Payments
  • DualDefense Audit
    • What is DualDefence Audit
    • How DualDefence Audit goes
    • DualDefence Audit — researchers' perspective
  • good to know
    • Changelog
    • Branding
    • Vulnerability Disclosure
  • Education
    • Courses
    • Tools
    • Useful sources
Powered by GitBook
On this page
  • Inappropriate Conduct
  • Disruptive Testing and Service Deterioration
  • Exposure of Private Programs Without Permission
  • Unstructured Vulnerability Disclosure - Public Programs
  • Unofficial Communication With the Program Team
  • Reputation Manipulation and Duplicate Account Misuse
  • Misappropriation of Intellectual Property
  • Manipulative Tactics
  • Coercion and Threats
  1. Welcome

Code of Conduct

By partaking in activities on the HackenProof platform, all whitehat hackers pledge to adhere to the HackenProof Code of Conduct (CoC). ​ This CoC is supplementary to the Terms and Conditions that all hackers must consent to when setting up an account. This Code provides the principles of engagement on the platform and outlines the potential disciplinary measures for any breaches.

Inappropriate Conduct

Interactions on the platform should always maintain a standard of professionalism and respect. Please avoid:

  • Inundating report threads or sending unnecessary support requests

  • Leaving derogatory comments

  • Acting unprofessionally at Live Hacking Events or other real-life instances where you represent HackenProof

  • Threatening disclosure, especially related to private programs

Such conduct hampers the efficiency of the process and does not benefit you as the hacker or the program. ​

Disruptive Testing and Service Deterioration

Hackers must not engage in testing practices that could endanger the platform or services without prior permission. This includes excessive exploitation of vulnerabilities, unauthorized access or usage of accounts or production details not sanctioned per the program's policy, modifying production or database data, causing a Denial of Service, or in any way negatively impacting customer systems.

Exposure of Private Programs Without Permission

Revealing any aspect of a private program on the HackenProof platform is prohibited. This includes disclosing the program name, scope, vulnerability details, bounty structure, account details, or any other information that could identify the program. Such exposure may lead to disciplinary actions.

Unstructured Vulnerability Disclosure - Public Programs

For public programs, hackers should adhere to responsible disclosure guidelines. This involves awaiting the development and release of a patch before publicly disclosing vulnerabilities.

Unofficial Communication With the Program Team

Hackers should only use the authorized communication channels to discuss vulnerabilities submitted to HackenProof. Contacting security teams outside the official channels about submitted reports is a breach of this CoC. HackenProof is the official communication channel unless otherwise stated in the program policy.

Reputation Manipulation and Duplicate Account Misuse

Multiple accounts are not permitted to evade penalties or to gain an unfair advantage on the platform. Similarly, activities that unfairly boost reputation are prohibited. This includes sharing account access, submitting other hackers' work, and improper requests for changes in closure status to maintain reputation.

Misappropriation of Intellectual Property

The unauthorized use of another's intellectual property, including the work of other hackers, is strictly forbidden.

Manipulative Tactics

Attempting to manipulate another party through pretense of a HackenProof employee, another hacker, a program member, or a security team without authorization is prohibited.

Coercion and Threats

Any attempt to extract bounties, money, or services through coercion or threats is prohibited. Cases of extortion or blackmail may be escalated depending on their severity and may be considered criminal offenses.

Adherence to this Code of Conduct ensures a secure, ethical, and productive community for all. Let's work together to maintain these standards.

PreviousReset 2FANextReferral Program

Last updated 9 months ago