Responsible Disclosure Program
Please read these terms and conditions carefully before using this site
1. Objective
The Bug Bounty Program aims to enhance the security of our products and services by incentivizing security researchers and ethical hackers to report potential security vulnerabilities responsibly. This program encourages the responsible disclosure of such vulnerabilities to help us identify and remediate issues before they can be exploited by malicious actors.
2. Scope
The bug bounty program covers publicly accessible web applications, mobile applications, APIs, services, and solutions owned and operated by Botnet. This includes:
- Website and dashboard
- API endpoints
- Authentication and authorization mechanisms
- Mobile applications
- ASM solution [Private Program]
3. Out of Scope
The following issues are considered out of scope and should not be tested without explicit authorization from Botnet:
- Physical attacks against data centers, offices, or employees.
- Social engineering or phishing attacks against employees or customers.
- Any form of denial-of-service (DoS or DDoS) attacks.
- Brute-force attacks or password guessing.
- Attacks targeting outdated or unsupported browsers, plugins, or devices.
- Third-party vulnerabilities.
4. Rewards
Rewards for eligible vulnerability reports will be determined based on the severity and impact of the reported issue. The severity levels and corresponding rewards are as follows:
- Critical: Up to $500
  Examples: Remote code execution, authentication bypass leading to unauthorized access, and sensitive data exposure.
- High: Up to $200
  Examples: Privilege escalation, and significant security misconfigurations.
- Medium: Up to $150
  Examples: Cross-site scripting (XSS), cross-site request forgery (CSRF), and other moderate security issues.
- Low: Up to $100
  Examples: Information disclosure with low impact, UI, and UX issues.
The Bug Bounty team will evaluate the severity of each submission and may adjust the reward amount based on factors such as the quality of the report and the potential for exploitation.
5. Submission Process
To submit a vulnerability report, send a detailed report to contact@botnetsecurity.com.
6. Disclosure Policy
After receiving and verifying a report, Botnet will work to resolve the issue promptly. We aim to keep researchers informed of the progress during the resolution process.
This Bug Bounty Policy is subject to change without notice. Botnet reserves the right to modify the scope, rewards, and guidelines at any time.
7. Contact Us
For any inquiries related to the Bug Bounty Program, please contact contact@botnetsecurity.com.
By participating in this Bug Bounty Program, you acknowledge that you have read and agree to the terms and conditions outlined in this policy.