Policy
At Project BIOS, we are committed to ensuring the security and integrity of our systems. We believe that responsible disclosure of security vulnerabilities helps us achieve this goal. We invite security researchers to participate in our Bug Bounty Program by identifying vulnerabilities in our systems and responsibly disclosing them to us.
Scope
This Bug Bounty Program applies to vulnerabilities in the following areas:
- Web applications
- Mobile applications
- APIs and web services
- Network infrastructure
Eligibility
To be eligible for a reward under this Bug Bounty Program, you must:
- Adhere to the terms and conditions of this policy.
- Be the first to report a specific vulnerability.
- Report a vulnerability that is within the scope of this program.
- Avoid any privacy violations, destruction of data, and interruption or degradation of our service.
- Reporting a Vulnerability
To report a vulnerability, please follow these steps:
Email Submission: Send an email to info@projectbios.com with the following details:
Subject: Bug Bounty Report
Severity Rating: Please provide a severity rating of the vulnerability (e.g., Low, Medium, High, Critical).
Description: Describe the vulnerability in detail, including the steps to reproduce it.
Recommended Fix: Provide your recommendations for fixing the vulnerability.
Attachments: Do not include any attachments
Body of Report Should Include: Include any relevant screenshots, proof-of-concept code, or other supporting material.
Response and Triage
Upon receiving your report, we will:
Acknowledge receipt of your vulnerability report within 48 hours.
Conduct a preliminary assessment to determine if the vulnerability is within scope and if the report contains enough information to validate and reproduce the issue.
If necessary, request additional information from you to facilitate our investigation.
Rewards
Rewards are issued at the discretion of Project Bios based on the severity and impact of the reported vulnerability. The reward amounts will vary based on the criticality of the issue and other factors.
Disclosure Policy
We ask that you do not publicly disclose the vulnerability until we have had an opportunity to investigate and address it. We are committed to resolving all valid vulnerabilities in a timely manner and will inform you when the issue has been fixed.
Legal Safe Harbor
Project Bios will not pursue legal action against individuals who:
- Make a good faith effort to comply with this policy.
- Report vulnerabilities within the scope of this program.
- Avoid causing harm or damage to our systems or data.
- Do not disclosure to the public until after the bug is resolved.
Contact
If you have any questions or need further clarification about this Bug Bounty Program, please contact us at info@projectbios.com.