Purple Directory 🔍
Welcome to our Bug Bounty Program! We value the security and integrity of our systems and are committed to providing a safe environment for our users. As part of our ongoing efforts to strengthen our security posture, we invite security researchers and ethical hackers to help us identify and address vulnerabilities in our applications and infrastructure.
Program Overview:
Our Bug Bounty Program encourages the responsible disclosure of security vulnerabilities by offering monetary rewards for eligible submissions. The program aims to foster collaboration between security researchers and our team to enhance the security of our systems.
When submitting any data into our systems where possible please use text as "bug bounty", "bug bounty tester" etc.
Scope:
The Bug Bounty Program covers our web applications, APIs, and any other digital assets owned and operated by our organization. Participants are encouraged to focus their testing efforts on areas where security vulnerabilities are most likely to occur, including but not limited to:
- Authentication and authorization mechanisms
- Input validation and data sanitization
- Cross-site scripting (XSS) and other injection vulnerabilities
- Security misconfigurations
- Server-side request forgery (SSRF) and other server-side vulnerabilities
- Information disclosure issues
- Remote code execution (RCE) vulnerabilities
Rewards:
We offer monetary rewards for eligible security vulnerabilities based on their severity and impact. The rewards are as follows:
- Critical: £50
- High: £40
- Medium: £30
- Low: £20
- Informational: £10
- False Positive: £5
The severity of a vulnerability is determined based on the Common Vulnerability Scoring System (CVSS) and its impact on the confidentiality, integrity, and availability of our systems and data.
Submission Guidelines:
To participate in our Bug Bounty Program, please adhere to the following guidelines:
- Only test against assets within the scope of the program.
- Respect user privacy and confidentiality. Do not access or tamper with user data.
- Do not disrupt or degrade the performance of our systems.
- Provide detailed reports with clear steps to reproduce the vulnerability.
- Submit one vulnerability per report and avoid duplicating existing submissions.
- Do not publicly disclose vulnerabilities before they have been resolved.
- Follow responsible disclosure practices and allow us a reasonable amount of time to address the reported vulnerabilities.
How to Submit:
To submit a vulnerability, please signin and request our email. Once you have our email include a clear description of the vulnerability, along with any supporting evidence or proof of concept code. Our team will review your submission and respond promptly.
Acknowledgment:
We greatly appreciate the contributions of security researchers to our Bug Bounty Program. In addition to monetary rewards, we offer public recognition and acknowledgment for valuable submissions. With your help, we can continue to improve the security of our systems and protect our users' data.
Thank you for your interest in our Bug Bounty Program. Together, we can make our digital environment safer and more secure for everyone. Happy hunting!