Fintual sets aside US$250,000 to reward hackers.

Andrés Marinkovic
31 May, 2019, 2-minute read

We invite the community of security researchers to help us detect vulnerabilities of critical, high, medium and low impact on our platform.

Security is a priority for us, and we believe a good way to improve it is to reward hackers who find a way to affect us in a controlled environment.

The details of our bug bounty program are at https://fintual.cl/security-policy.txt and read as follows:

We welcome software security researchers that want to help us hunt down vulnerabilities.
Should you find one, send it over. 
We'll be filled with gratitude and reward you with up to $5,000 USD for critical 
vulnerabilities.
Our program has very few rules for now, and we will react on a case by case basis, applying 
our criteria to determine awards.
- Reproducible steps: If the report is not detailed enough to reproduce the issue, 
the issue will not be eligible for a reward.
- One vulnerability per report: unless you need to chain vulnerabilities to provide impact.
- Duplicates don't get rewarded: we only award the first report that was received (provided 
that it can be fully reproduced).
- One origin: Multiple vulnerabilities caused by one underlying issue will be awarded one 
bounty.
- No social engineering: Phishing, vishing, smishing, etc are prohibited.
- Don't be evil: Make a good faith effort to avoid privacy violations, destruction of data,
and interruption or degradation of our service.

Only interact with accounts you own or with explicit permission of the account holder.
$50 - Low impact / low risk
$150 - Medium impact / medium risk
$500 - High impact / high risk
$5.000 - Critical impact / high risk

To report to us:

https://fintual.cl/.well-known/security.txt

Contact: security~AT~fintual~DAT~com
Canonical: https://fintual.com/.well-known/security.txt
Encryption: https://fintual.com/pgp-key.txt
Acknowledgments: https://fintual.com/hall-of-fame.txt
Preferred-Languages: en, es
Policy: https://fintual.com/security-policy.txt