BUG BOUNTY
Code Of Conduct
- Don’t try to exploit any DoS vulnerabilities, social engineering attacks, physical attack or spam !
- No Bruteforce allowed
- Don't publicly disclose a bug before it has been fixed
- We reserve the right to cancel this program at any time and the decision to pay a reward is entirely at our discretion.
- Don’t violate any law and stay in the defined scope
- You also must not disrupt any service, or compromise personal data
- Any failure to comply with these rules will be sanctioned by exclusion of hunter’s submission and even worse...
Golden Rule
- Each hunter have to create an account on the Bug Bounty platform YesWeHack.com in order to validate the rules before hunting for bugs and accessing to the programs.
- Each hunter of the NuitDuHack Bug bounty will be subject to terms of use of the BountyFactory.io platform.
- Each registrant will receive the title of HZV member for the entire duration of the leHACK.
- No actual or past employee of program’s scopes can join the program.
Validation Committee
- Business: Program's scope
- Pwnage: Onemore, Nicob, Skunk
Submitting Bugs
Please observe the following rules:
- Submit bugs only through Bug Bounty plateform YesWeHack.com
- A Bug Bounty submission must contain an example (unique request or PoC code) and description of the weakness, and provide enough information to analyze the progress of the attack and can be easily replayed, which will simplify the validation of bugs and will impact the amount of the reward.
- The validity of each submission and the amount of reward shall be decided by the validation committee.
- 10h30 Bounty opening, validation committee presentation
Rewards
- Hall of Fame (HoF) for all and for the duration of the Bounty
- Bounty within the limits of the pool, amount according to criticality / elegance / documentation (All the rewards will be made through the YesWeHack.com platform)
- Bounty ©
Glossary
- Bounty : financial reward after reporting a bug relevant, compliant with rules and interesting
- “Bounty”® : nutritive reward after reporting a bug relevant, compliant with rules. A real Bounty ©
- Dashboard : Web application allowing hunters to register, report bugs and follow their evolution
- Hunter : person doing the contest and physically located on the leHACK building.