Vulnerability Disclosure

At Hack4Bug, we prioritize the security and privacy of our users, partners, and community. Despite our continuous efforts to maintain robust security measures, vulnerabilities may still exist within our web applications, products, or services. We strongly encourage ethical security researchers, penetration testers, and the security community to report such vulnerabilities responsibly.

Scope

This policy applies to all web properties, applications, APIs, and products developed and maintained by Hack4Bug. Vulnerabilities identified in third-party services that are integrated with Hack4Bug products may be reported, but they will be handled on a case-by-case basis.

Guidelines for Reporting

  • Submit detailed vulnerability reports including steps to reproduce, impact, and proof-of-concept (Required).
  • Avoid actions that could harm data, compromise user privacy, or disrupt services.
  • Respect responsible disclosure timelines and allow us reasonable time to investigate and fix reported issues.

Exclusions

The following activities are strictly prohibited and fall outside the scope of this policy:

  • Social engineering, phishing, or physical attacks against Hack4Bug employees or users.
  • Denial of Service (DoS/DDoS) testing.
  • Use of automated scanners that generate large amounts of traffic.

How to Report

If you discover a vulnerability in any of our products or web properties, please report it to us through our official communication channel:

Email: security@hack4bug.com

Acknowledgement

We deeply value the contributions of security researchers and professionals who help us strengthen our systems. Hack4Bug may acknowledge responsible disclosures on our Hall of Fame page as a token of appreciation, subject to the sensitivity of the reported issue and the reporter's consent.

⚠️ Note: Please do not exploit vulnerabilities beyond the extent necessary to demonstrate them. Do not publicly disclose the issue until it has been fixed and acknowledged by our team.