Bug Bounty & Vulnerability Disclosure Program

This program outlines safe-harbor protections, reporting rules, bounty eligibility, and security escalation procedures for ethical hackers and researchers working with Vibble.

1. Safe Harbor Protection

No legal action for good-faith testing
No account suspension for compliant testing
Researchers protected from Nexa-Group legal claims when following rules

2. In-Scope Vulnerabilities

Critical authentication flaws
Account takeover vectors
Privilege escalation
RCE (remote code execution)
SQLi, XSS, CSRF with meaningful impact
API authorization or data leakage weaknesses

3. Out-of-Scope Issues

Rate-limit-only findings
Social engineering of staff
Third-party service bugs
UI text or cosmetic display errors

4. Severity-Based Reward Ranges

Critical: $2,000 – $20,000+
High: $750 – $5,000
Medium: $250 – $1,000
Low: $50 – $250

5. Submission Requirements

Clear reproducible steps
Proof-of-concept payloads
Affected endpoints or systems
Assessment of potential impact

6. Response Timeline

Acknowledgement: 48–72 hours
Initial triage: 5–7 days
Fix timeline: depends on severity

7. Contact

Security Team: security@vibble.com
Ethical Research: research@vibble.com
Nexa-Group Vulnerability Desk: vuln@nexa-group.org

Bug Bounty & Vulnerability Disclosure Program

Поддержка

Bug Bounty & Vulnerability Disclosure Program

1. Safe Harbor Protection

2. In-Scope Vulnerabilities

3. Out-of-Scope Issues

4. Severity-Based Reward Ranges

5. Submission Requirements

6. Response Timeline

7. Contact

Популярное

Bug Bounty & Vulnerability Disclosure Program

Поддержка

Bug Bounty & Vulnerability Disclosure Program

1. Safe Harbor Protection

2. In-Scope Vulnerabilities

3. Out-of-Scope Issues

4. Severity-Based Reward Ranges

5. Submission Requirements

6. Response Timeline

7. Contact

Популярное

Сгенерировать пароль