Bug Bounty Policy
We encourage third-party cybersecurity professionals and amateurs to test the vulnerabilities of our current products (Hideez Key 3, Hideez Client App, Hideez Enterprise Server) for a monetary reward. For claiming a bounty, please contact us at email@example.com.
You can test the Hideez Enterprise Server (demo version) at https://testhack.hideez.com. Please use the following login credentials as needed:
Please note that the test server settings are automatically reset to default every day at 12 a.m. EST.
To learn more about all the features of the Hideez Enterprise Solution, see our documentation.
Rules of engagement
1) Do not disseminate information about the vulnerability found until it is fixed.
2) Make every effort not to harm our users and services (act in good faith).
3) Be sure to use your accounts, phone numbers, etc., to conduct the research. Do not try to access other people's accounts or any confidential information. If account access is required to troubleshoot errors, the member must use his/her personal account.
4) If a participant accidentally gained access to personal data in the course of his/her study, we urge him/her to delete all information related to them, including connection codes, personal data, etc., after notifying us of this.
Grounds for receiving a remuneration
Our security analysts offer a bounty after reviewing and confirming the vulnerability. The level of remuneration depends on several factors, including bug severity, the impact on our services, the novelty, the visibility, the quality of the report, etc. The decision on remuneration is made for each bug report individually.
Increased remuneration may be offered based on the following criteria:
- Description quality: we may offer higher remuneration for clear and detailed bug reports;
- Proof of concept: we may offer higher remuneration if test code, scripts, and detailed instructions are included in the report;
- The quality of the proposed bugfix: we may offer higher remuneration if the report description contains suggestions on how to fix the problem;
- At our sole discretion: we may offer higher remuneration if the vulnerability you identified does not in itself pose a high risk, but thanks to your report, we have discovered vulnerabilities of a higher level of risk.
Before submitting your report, please make sure that all information you submit is correct and complete. A well-written report will speed up the process of confirming the vulnerability and remunerating for your work.
Thank you for your cooperation!