logo logo
- I Smell Bounty in My Blood, because
The Hunt Never Ends!
Login

Safe Harbor Policy

Introduction

Versatile Bounty, the company behind BugBountys.com, is committed to providing a safe and secure environment for its users, security researchers, and bug bounty hunters. This Safe Harbor Policy outlines our guidelines for responsible disclosure of security vulnerabilities and our commitment to protecting those who help us improve our security posture.

    Scope

    This policy applies to all Versatile Bounty websites, applications, and services, including but not limited to BugBountys.com.

    Guiding Principles

  • We believe in the importance of responsible disclosure of security vulnerabilities to ensure the security and integrity of our systems and data.
  • We appreciate the efforts of security researchers and bug bounty hunters who help us identify and fix security vulnerabilities.
  • We are committed to protecting those who report security vulnerabilities in good faith and in accordance with this policy.

Safe Harbor Provisions

If you are a security researcher or bug bounty hunter who has discovered a security vulnerability on our website or application, you play a crucial role in our security efforts. We value your contributions and consider you a valuable partner. To ensure your safety and protection while working with us, we provide safe harbor provisions, which are designed to protect you from legal or other repercussions when reporting vulnerabilities in good faith.

  • No action will be taken against you. We will not pursue legal action for your research and disclosure of security vulnerabilities, as long as you adhere to the guidelines outlined in this policy
  • No retaliation: We will not retaliate against you or your organization for conducting research or reporting security vulnerabilities.
  • Protection from liability: We will protect you from liability for any claims arising from your research and disclosure of security vulnerabilities, provided that you follow the guidelines outlined in this policy.

Exclusions and Limitations

Notwithstanding the safe harbor provisions, we reserve the right to take legal action against any individual or organization engaging in the following activities:

  • Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks: Attempts to overwhelm our systems or disrupt our services through DoS or DDoS attacks are serious offenses that may result in legal action.
  • Social Engineering attacks: Manipulating or deceiving our employees, contractors, or users into divulging sensitive information or performing certain actions is a serious offense that may result in legal action.
  • Client-side attacks: Exploiting vulnerabilities in our users' systems or software is a serious offense that may result in legal action.

Consequences of Excluded Activities

If you engage in any of the excluded activities outlined above, you may face the following consequences:

  • Civil liability: We may seek damages for any losses resulting from your actions.
  • Criminal liability: We may report your activities to law enforcement and cooperate with any investigations or prosecutions.
  • Termination of access: We may revoke your access to our systems and services and prohibit your participation in our bug bounty program.

Guidelines for Responsible Disclosure

To ensure your research and disclosure of security vulnerabilities are protected under this policy, please adhere to the following guidelines:

  • Conduct research in good faith: Ensure your research does not harm our systems, data, or users.
  • Avoid exploiting vulnerabilities: Do not use security vulnerabilities for personal gain or to harm our systems, data, or users.
  • Report vulnerabilities promptly: Notify us of security vulnerabilities as soon as possible using the contact information below.
  • Provide sufficient information: Include detailed information about the vulnerability, such as steps to reproduce the issue and any relevant technical details.
  • Do not disclose publicly: Refrain from publicly disclosing the vulnerability until we have had a chance to address it, unless you have received explicit permission to do so.

Contact Information

If you have discovered a security vulnerability on our website or application, please report it to us at:

  • support@bugbountys.com

Acknowledgement

We appreciate your help in securing our systems and data. By reporting security vulnerabilities in line with this policy, you contribute to enhancing our security measures and protecting our users.

Changes to this Policy

We reserve the right to modify this policy at any time. Any changes to this policy will be posted on this page.

Effective Date

This policy is effective as of [24/10/2024].

By following this policy, we can work together to create a safer and more secure environment for everyone.

NOTICE

By participating in our bug bounty program or reporting security vulnerabilities, you confirm that you have read and understood the terms and conditions of this policy and agree to abide by them.