GObugfree
We get hackers working for you!
Find vulnerabilities earlier, more reliably, and more cost-effectively with the Swiss Bug Bounty platform.
As we get friendly hackers working for our customers, we certainly have our platform hacked as well. Happy hunting!
Rules
Hacking Methods
In participating in the program, ethical hackers agree not to use methods that would adversely affect the tested applications or their users. These include:
- Social engineering
- Spamming
- Phishing
- Denial-of-service attacks or other brute force attacks
- Physical attacks
In addition to the prohibited hacking methods listed above, Friendly Hackers are required to immediately discontinue vulnerability scanning if they determine that their conduct will result in a significant degradation (negative impact on regular users or on the operations team) of the Platform's or Service's operations.
Qualified vulnerabilities
Any design or implementation problem can be reported that is reproducible and affects security.
Typical examples:
- Cross Site Request Forgery (CSRF)
- Cross Site Scripting (XSS)
- Insecure Direct Object Reference
- Remote Code Execution (RCE) - Injection Flaws
- Information Leakage and Improper Error Handling
- Unauthorized access to properties or accounts
Other examples:
- Data/information leaks
- Possibility of data/information exfiltration
- Backdoors that can be actively exploited
- Potential for unauthorized system use
- Misconfigurations
Targets
Not in scope: Third-party services and products such as Fidentity, Gmail, Keycloak, etc.
- gobugfree.com: Website
- app.gobugfree.com: App
Procedure
- Register / Login @ GObugfree
- Start looking for vulnerabilities, respecting the definitions in this program (scope, rules, ...).
- Report found vulnerabilities and support the platform and the customer in verifying them.
- Get paid for confirmed, new vulnerabilities.
Legal
The organisation gives its approval for Friendly Hackers to use hacking methods within the bounds of the specified bug bounty program. Due to this consent, the criminal liability criterion of unauthorised obtaining/unauthorised use, and thus the criminal liability of the Friendly Hackers with regard to the criminal offences in Art. 143 Swiss Criminal Code (Unauthorised obtaining of data) and Art. 143bis Swiss Criminal Code (Unauthorised access to a data processing system), does not apply.
Bounty Levels
| Severity | Bounty |
|---|---|
| Critical | CHF 2'000-3'000 |
| High | CHF 1'000-2'000 |
| Medium | CHF 500-1'000 |
| Low | CHF 200-500 |