Bug Bounty Program
Security first. And it is rewarded.
The security of the Hiveon OS system is one of our main goals. Help us with it, find vulnerabilities — and get rewarded.
How does the program work?
Remuneration is possible if the following rules are observed:
- You must be the first user to submit a vulnerability report.
- The detected vulnerability must fall into one of the categories described below.
- You must provide a description of the steps required to reproduce the vulnerability.
- You agree to maintain the confidentiality of your communication with the Hiveon OS team — this means that you should not send reports or evidence to other users or companies.
- The in-scope domains (not including sub-domains) are as follows: hiveon.com, the.hiveos.farm, hiveon.net.
The list of vulnerabilities
The detected vulnerability must fall into one of the following categories:
- Cross-site request forgery that has a serious security impact
- Cross-site scripting (excluding Self-XSS)
- Server-side request forgery
- Cross-origin resource sharing that has a serious security impact
- Open redirect that has a serious security impact
- SQL injection
- Privilege escalation
- Directory traversal
- Payment manipulation
- Remote code execution
- Local file inclusion
- Remote file inclusion
- Leakage of sensitive data
- Authentication bypass
What is the amount of the reward?
- The reward amount is $10-$20. Threshold values are not subject to negotiation or change.
- We pay much more ($500+) for the following vulnerabilities: leakage of sensitive data, payment manipulation, authentication bypass, SQL injection.
- One confirmed vulnerability equals one reward.
Important
- You must not violate the privacy of other users, destroy any data, or disrupt the operation of our services.
- To search for vulnerabilities, you should use only your personal Hiveon OS account. The use of other users' accounts is prohibited.
- Do not try to affect our physical security measures, and do not use spam, social engineering, DDoS attacks, or other techniques.
- If you find a vulnerability that allows access to the system, you should notify us immediately — do not continue to investigate the vulnerability yourself.
- Exploiting the vulnerability for your own benefit cancels your participation in the program — in this case, no remuneration will be paid.
Your attentiveness can earn you a reward and help make Hiveon OS even more secure. If you find a vulnerability, please email us at [email protected]. Let’s improve Hiveon OS together!