Terms and Conditions

1. GENERAL

1.1 Bug-Bounty LTD aims to bring companies and ethical hackers together in order to improve the overall security and usability of Companies’ systems. Bug-Bounty LTD created this Platform as a safe and controlled area where ethical hackers can offer their Ethical Hacking services to various Companies and where Companies can reach out to a large network of ethical hackers, to have their systems tested. When ethical hackers test a Company’s Platform, they are required to disclose found security vulnerabilities/issues (as bound by the scope) in a responsible manner with the aim of enabling Companies to take the appropriate action to improve their system security or usability.

1.2 By creating an account on Bug-Bounty.com, you sign up as an ethical hacker and you accept the terms of this agreement. If you do not agree with the terms listed on this page, you are not allowed to access and/or make use of Bug-Bounty.com.

1.3 By accepting these terms, you declare that you fully understand that Bug-Bounty LTD provides a Platform wherein it will act as an arbitrator between yourself and Companies. Any contractual relationship relating to the Ethical Hacking will be concluded directly between you and the Company.

2. YOUR OBLIGATIONS

2.1 If you believe that you have found a Vulnerability in any of the software listed on our Programs page, you should immediately submit a report through our website addressed to the respective Company.

2.2 Your Report must describe the Vulnerability in a clear and concise manner and must, where possible, include necessary evidence such as Proof of Concept videos, screenshots, locations, etc.

3. TESTING WITHIN THE SCOPE

3.1 Every Program open for Ethical Hacking will be offered with a defined scope which clarifies the exact areas of the Company’s systems you are authorized to test. Each Program should be considered independently, as some Companies will have multiple Programs, each provided with its own scope. You are responsible for reading the scope carefully and should contact us prior to your submission if you have doubts about it.

3.2 The Company grants you the right to use Ethical Hacking techniques only on the systems detailed in the scope of the Program for the duration that the Program is live.

3.3 All Third-Party systems/solutions are considered off-limits unless otherwise specified in the scope. You must halt your activities as soon as you become aware of any disruption caused to third-party systems.

3.4 Any tests performed on or with components outside of the scope are unauthorized and may be criminally sanctioned.

4. PROHIBITED ACTIONS

4.1 In connection with your ethical hacking services to Companies, you may not:

4.1.1 Exploit a discovered vulnerability for purposes other than demonstrating it in a Proof of Concept, unless this is in contravention of 4.1.2.
4.1.2 Exploit a vulnerability that would cause the services provided by the Company to its customers to be interrupted or otherwise degraded.
4.1.3 Use any vulnerability for the purposes of installing/distributing malicious software, sending spam, or carrying out social engineering or phishing attacks.
4.1.4 Use any vulnerability to remove/modify data and/or parameters.
4.1.5 Run automated scans with tools like ZAP, Burp Scanner, Acunetix and such. You will not be awarded a bounty if we detect that you used automated tools, even if you report a valid bug! These tools can cause high loads that resemble DoS attacks and will be in contravention of section 4.1.2.
4.1.6 Publish any of your findings to third parties or publicly without the express authorization of the Company.

5. BOUNTIES

5.1 Companies agree to award bounties to the first Hacker that submits a report which is in turn validated. Guideline amounts are provided with every Program description. Bug reports are not shared with Companies until they agree to award the bounty reward.
5.2 Bug-Bounty LTD will individually validate every report submitted to the website. Reports will be approved only if the vulnerability or bug discovered falls within the Program scope. We may require you to submit additional data in the form of videos or screenshots to assist with the validation process.
5.3 Duplicate reports will be rejected and will not be awarded a bounty. At our sole discretion, we may disclose the user that claimed the bug first.

6. DISPUTES

6.1 Bug-Bounty LTD reserves the right to provide the final decision on whether a Report is valid or not. If you feel that we made a mistake, you may submit additional proof as long as your actions are not in contravention of the terms of Section 4.

7. INTELLECTUAL PROPERTY RIGHTS

7.1 Bug-Bounty LTD does not claim ownership rights of your Submissions/Reports. You agree that Bug-Bounty LTD may collect statistical and other information about your Submissions.
7.2 Your report will be reviewed by Bug-Bounty staff as it passes through our validation stages. If the Company agrees to release the relevant bounty, your report will be shared with the applicable Company.
7.3 Upon your submission being rewarded, you grant the Company a non-exclusive, irrevocable, non-transferable, worldwide, royalty-free license to use, view, copy, reproduce, display, modify, transmit and distribute copies of that report, internally and externally.

8. OUR LIABILITY

8.1 Whilst we try to ensure that the standard of the Website remains high and to maintain the continuity of it, the Internet is not an inherently stable medium, and errors, omissions, interruptions of service and delays may occur at any time. We do not accept any liability arising from any such errors, omissions, interruptions or delays or any ongoing obligation or responsibility to operate the Website (or any particular part of it) or to provide the service offered on the Website. We may vary the specification of this site from time to time without notice.

8.2 Whilst we make every effort to ensure that the information on our Website is accurate and complete, some of the information is supplied to us by third parties and we may not be able to check the accuracy or completeness of that information. We do not accept any liability arising from any inaccuracy or omission in any of the information on our Website or any liability in respect of information on the Website supplied by you, any other website user or any other person.

8.3 You must not under any circumstances seek to undermine the security of the Website or any information submitted to or available through it. In particular, but without limitation, you must not seek to access, alter or delete any information to which you do not have authorized access, seek to overload the system via spamming or flooding, take any action or use any device, routine or software to crash, delay, damage or otherwise interfere with the operation of the Website or attempt to decipher, disassemble or modify any of the software, coding or information comprised in the Website.

You are solely responsible for any information submitted by you to the Website. You are responsible for ensuring that all information supplied by you is true, accurate, up-to-date and not misleading or likely to mislead or deceive and that it is not discriminatory, obscene, offensive, defamatory or otherwise illegal, unlawful or in breach of any applicable legislation, regulations, guidelines or codes of practice or the copyright, trade mark or other intellectual property rights of any person in any jurisdiction. You are also responsible for ensuring that all information, data and files are free of viruses or other routines or engines that may damage or interfere with any system or data prior to being submitted to the Website. We reserve the right to remove any information supplied by you from the Website at our sole discretion, at any time and for any reason without being required to give any explanation.

9. GDPR

Accountability: We are committed to the principles of the GDPR by adopting the concept of ‘data privacy by design’ within our operational model. We remain accountable by having detailed policies and systems in place as well as a Data Protection Officer to oversee our overall compliance with data protection regulations, including the management of access rights requests. Our policies are regularly reviewed and updated, and our staff are periodically trained on data protection and security throughout the year.

Transparency, Fairness and Lawfulness: We process data with data subjects’ interests in mind and ensure that we approach processing activities with transparency to maintain fairness in what we do. This way we can be sure that we are processing data lawfully. We have a robust process in place to allow us to deal efficiently with any access requests we may receive.

Data Integrity and Confidentiality: We hold data on secure systems. Information security and integrity are key to our smooth operation and we have a dedicated cyber security team who protect our systems. We also have an Incident Response Team on hand to support us in the event data may become compromised.

Data Minimisation and Data Storage: We will not keep data for longer than is necessary and only keep data if there is a lawful basis which allows fair retention. When we do need to remove data from our possession, we do so by using industry approved standards so the disposal or anonymisation is thoroughly compliant.

Data Accuracy: Keeping data accurate is very important to us and we train our staff to ensure they are maintaining data to a high quality and with all the facts available.

Purpose Limitation: We use the data we obtain for a specific purpose. This means that data is not processed for any reasons other than those for which the data was originally collected.

The tables below explain our stance on different operational areas of our business, so that you can easily see the standards we work by.

If you have any further queries about any topics raised in this document please contact our Data Protection Officer on info@bug-bounty.com for further assistance and clarity.