Transparency, information and collaboration are values that we care here in
No technology is perfect, and SecNews believes that working with skilled security researchers not only in Greece but across the globe is crucial in identifying weaknesses in any technology.
We are always interested in how we can make our website and our infrastructure more secure.
Everyone knows that the security researcher community can help an entity achieve results more quickly and more effectively than it could with its own resources.
For all the above reasons, we are announcing the SecNews vulnerability disclosure and bug bounty program in cooperation with the HackerOne bug reporting platform.
If you believe you've found a security issue or vulnerability that can impact
the SecNews website, infrastructure or our users and visitors, we encourage you to
notify us as soon as possible. We will investigate all legitimate reports and
do our best to fix any security vulnerability.
We are more than happy to work with all of you to resolve the issue, and in return we ask that you follow the SecNews Disclosure Policy and Guidelines.
Any web properties owned by SecNews are in scope for the program, including:
In order for your submission to be eligible:
All legitimate reports will be reviewed and assessed by SecNews's security
team to determine whether they are eligible.
We cannot accept submissions from children under the age of 13. Reporters under the age of 13 will not be eligible to receive SecNews rewards. We will find another way to recognize your effort.
For each eligible vulnerability report, the reporter will receive one, some or all of the items and services below, according to the final decision of the reward panel:
Monetary compensation is offered under the program in specific circumstances and according to the rules above.
The following conditions are out of scope for the vulnerability disclosure program. Any of the activities below will result in permanent disqualification from the program.
Additionally, the following will not be considered significant and severe vulnerabilities for bounty (Out of Scope):
Cross site request forgery (CSRF)
Cross domain leakage
Software version disclosure
XSS attacks via POST or headers
XSS attacks in general
Missing SPF or DMARC records
HttpOnly and Secure cookie flags
SSL/TLS related (such as HSTS)
Password and account recovery policies
Session Hijacking (cookie reuse)
Missing X-Frame or X-Content headers
Access to admin pages (wp-admin)
Text injection (in error pages or elsewhere)
Access to robots.txt
Legal Notes: Payments are made through HackerOne only. You are responsible for paying any taxes associated with rewards. We reserve the right to modify the terms of this program or terminate this program at any time. By participating in this program, you agree to be bound by these rules. You must comply with all applicable laws in connection with your participation in this program.
Thank you for helping keep SecNews and our daily visitors safe!