10/06/2016
Thanks, Gift, Hall of Fame, Reward

Reward: 50 $

SecNews

Intro

Transparency, information and collaboration are values that we care about here at SecNews.
No technology is perfect, and SecNews believes that working with skilled security researchers not only in Greece but across the globe is crucial in identifying weaknesses in any technology.
We are always interested in how we can make our website and our infrastructure more secure.
Everyone knows how the power of the security researcher community can help an entity achieve results more quickly and more effectively than it can with its own resources.

For all the above reasons, we are announcing the SecNews vulnerability disclosure and bug bounty program in cooperation with the HackerOne bug reporting platform.

If you believe you've found a security issue or vulnerability that can impact the SecNews website, infrastructure or our users and visitors, we encourage you to notify us as soon as possible. We will investigate all legitimate reports and do our best to fix any security vulnerability.
We are more than happy to work with all of you to resolve the issue, and in return we ask that you follow the SecNews Disclosure Policy and Guidelines.

Scope

Any web properties owned by SecNews are in scope for the program, including:

  • *.secnews.gr

SecNews visitors or authors are out of scope for our Vulnerability Disclosure program.

Eligibility

In order for your submission to be eligible:

  • You must agree to our Disclosure Policy.
  • You must be the first person to responsibly disclose an unknown issue.

All legitimate reports will be reviewed and assessed by SecNews's security team to determine whether they are eligible.
We cannot accept submissions from children under the age of 13. Reporters under the age of 13 will not be eligible to receive SecNews rewards. We will find another way to recognize your effort.

Rewards

For each eligible vulnerability report, the reporter will receive one, some or possibly all of the items and services below, according to the reward panel's final decision:

  • Recognition on our webpage secnews.gr, in the top slider, for more than 6 weeks. Promotion of the reporter on social media and through our mailing list.
  • Article about the reporter or a full interview (only if the reporter wants publicity).
  • A limited-edition EXCLUSIVE SecNews t-shirt.
  • Provision of 6/12-month licenses for top-level software & services related to information security, protection or penetration testing.
  • If the reported vulnerability is severe and of high importance, a reward in the range of 50€ - 3000€ is also provided.
  • The amounts listed are for good-quality reports that don't require complex or unlikely user interaction.
  • Less convincing or more constrained bug submissions will likely qualify for reduced reward amounts, as chosen at the discretion of the reward panel.
  • On top of these rewards, we offer a reward in the range of 50€ - 500€ if a well-written patch is provided with the report. The amount for this reward is determined by the panel based on the quality and the effort required to write a good patch for the bug.

Monetary compensation is offered through the program under specific circumstances and according to the rules above.

Disclosure Policy

  • Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
  • Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third party.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our website. Only interact with accounts you own or with explicit permission of the account holder.

Exclusions

The following conditions are out of scope for the vulnerability disclosure program. Any of the activities below will result in permanent disqualification from the program.

  • Physical attempts against SecNews employees, offices and data centers.
  • Denial of service.
  • Spamming. Pursuing vulnerabilities which send unsolicited bulk messages (spam) or unauthorized messages is not allowed.
  • Social engineering (including phishing) of SecNews employees, contractors, vendors, or service providers.
  • Knowingly posting, transmitting, uploading, linking to, or sending any malware.

Additionally, the following will not be considered significant & severe vulnerabilities for bounty (Out of Scope):

  • Cross site request forgery (CSRF)
  • Cross domain leakage
  • Information disclosure
  • Software version disclosure
  • XSS attacks via POST or headers
  • XSS attacks in general
  • Missing SPF or DMARC records
  • HttpOnly and Secure cookie flags
  • SSL/TLS related (such as HSTS)
  • Password and account recovery policies
  • Session timeout
  • Session Hijacking (cookie reuse)
  • Missing X-Frame or X-Content headers
  • Account enumeration
  • Click-jacking
  • Rate-limiting
  • Tabnabbing
  • Access to admin pages (wp-admin)
  • Reflected XSS
  • Text injection (in error pages or elsewhere)
  • Access to robots.txt

Legal Notes: Payments are made through HackerOne only. You are responsible for paying any taxes associated with rewards. We reserve the right to modify the terms of this program or terminate this program at any time. By participating in this program, you agree to be bound by these rules. You must comply with all applicable laws in connection with your participation in this program.

Thank you for helping keep SecNews and our daily visitors safe!
