You may be eligible to receive a financial reward if:
- Your report and PoC is about a vulnerability of service included in Eligible Target's scope.
- Your activities and report fully meet the requirements of the Kick Ecosystem Security Bug Bounty Program and its Policy.
- The vulnerability is determined to be a valid security issue by the Kick Ecosystem security team according to the Kick Ecosystem risk assessment process.
- You are the first person to submit a site or product vulnerability.
- You are not a Kick Ecosystem partner, Kick Ecosystem employee, or author of vulnerable product/code.
Kick Ecosystem remains the right to reward the reporter by including to the Hall of Fame
without financial reward if:
- Your report does not contain working PoC or provided steps does not allow to reproduce the vulnerability exploiting.
- Your activities or report are not fully compliant with the Campaign Policy.
- Your report is about a vulnerability that does not affect any meaningful resources, business processes.
- Your report is about a vulnerability that does not create meaningful business risk.
Payouts (may be adjusted for each specific finding based on results of risk analysis):
* for reports sent after 11th of June 2020.