05/06/2019

Memset Ltd

We believe in the power of the security research community to assist us with our commitment to maintaining the best possible security posture. To this end, Memset has contracted with Bugcrowd to assist us in working with the research community in the most mutually effective, frictionless and transparent manner.

We ask you to:

  • Report the issues you identify clearly and fully

  • Include a proof of concept or a detailed explanation to assist us with recreating the issue

  • Keep identified issues confidential

  • Comply with the scoping and identification criteria below

  • Bear with us. We will treat your findings responsibly and prioritise them accordingly

  • Protect our and customers’ data – If you find sensitive data not intended for you, stop and report it immediately.


Ratings/Rewards:

The only rewards we currently provide are kudos on the Bugcrowd platform.

_For the initial prioritization/rating of findings, this program will use the [Bugcrowd Vulnerability Rating Taxonomy](https://bugcrowd.com/vulnerability-rating-taxonomy). However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority._

This program only awards points for VRT based submissions.

Targets

In scope

Target name | Type
---|---
*.memset.com | Other
*.bofhs.net | Other

_Any domain/property of Memset not listed in the targets section is out of scope. This includes any/all subdomains not listed above._


Out-of-scope findings include:

  • DoS or DDoS

  • Destructive or performance-impacting attacks or testing

  • Social engineering of any kind

  • Submissions that do not pertain to Memset’s assets

  • Flaws specific to unpatched browsers or plugins

  • Simple, non-XSS content injection

  • Logout CSRF

  • Missing security-related flags on non-security impacting cookies

  • Simple rate-limiting issues without a security impact

  • Submissions entirely comprising output from commonly available automated scanners

Safe Harbor:

**When conducting vulnerability research according to this policy, we consider this research to be:**

  • Authorized in accordance with the Computer Fraud and Abuse Act (CFAA) (and/or similar state laws), and we will not initiate or support legal action against you for accidental, good faith violations of this policy;

  • Exempt from the Digital Millennium Copyright Act (DMCA), and we will not bring a claim against you for circumvention of technology controls;

  • Exempt from restrictions in our Terms & Conditions that would interfere with conducting security research, and we waive those restrictions on a limited basis for work done under this policy; and

  • Lawful, helpful to the overall security of the Internet, and conducted in good faith.

  • You are expected, as always, to comply with all applicable laws.

_If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please submit a report through this program, or inquire via support@bugcrowd.com before going any further._

Program rules

This program follows Bugcrowd’s [standard disclosure terms](https://www.bugcrowd.com/resource/standard-disclosure-terms/).

This program does not offer financial or point-based rewards for P5 (Informational) findings. [Learn more about Bugcrowd’s VRT](https://bugcrowd.com/vulnerability-rating-taxonomy).

