What is Cryptobox?
Cryptobox provides businesses and organizations with a sharing and collaboration solution to secure internal and external exchanges, using end- to-end encryption. You can securely access your documents from any device, control your data and costs with a scalable architecture and a patented security solution. Cryptobox can be deployed on premises, in the cloud, in a hybrid model depending on customer architecture requirements.
Cryptobox has been qualified by ANSSI for use at restricted level, and certified at CC EAL3+ level. Ercom is convinced that working with skilled security hunters around the globe is a relevant part of the flow remediation process dedicated to maintain a high security level.
The aim of the bug bounty program is to uncover significant vulnerabilities that have a direct and demonstrable impact on the security of Cryptobox users’ information. The Cryptobox Security Target (see https://www.ssi.gouv.fr/entreprise/certification_cc/cryptobox-v-2-1-48/) describes precisely assets protected by Cryptobox. Submissions will be evaluated in regards to the impact of uncovered vulnerabilities to these assets.
What hunters must do
What hunters must not do
The following known points will no longer yield rewards:
Ercom will pay rewards at Ercom’s discretion for a serious and reproducible vulnerability. Hunters are responsible for any applicable taxes associated with any reward you receive. Any report that results in a change in our code base will be rewarded, at minimum, by a €100 reward and a Hall of Fame recognition.
How to connect onto Crytpobox?
Please Contact us to this email: Support-Bug-Bounty@cryptobox.com.
Give us two different email addresses for creation of your two Cryptobox accounts.
To let us check your identity, please give us into the mail your hunter’s pseudo.
After the delivery of your two addresses, we send you an email on each address to give you the possibility to subscribe onto the platform.
Please chose as Trustee the mail address Support-Bug-Bounty@cryptobox.com. This is the only possibility to reactivate a password if you forgot yours.
After your subscription, we allocate your two accounts into a workspace (workspace name is your hunter pseudo).
Each account has specific right (one Reader and one Owner).
If you want to invite a new member into your workspace please use this email email@example.com and inform our support team at Support-Bug- Bounty@cryptobox.com.
Please note that we may modify the terms of this program or terminate it at any time.
Contact us if you want more information.