Bug Bounty Hub

We get hackers working for you!
Find vulnerabilities earlier, more reliably, and more cost-effectively with the first Swiss Bug Bounty platform.

Since we get friendly hackers working for our customers, we certainly have our own platform hacked as well. Happy hunting!

✓ Bounty

Rules

Bug Bounty Hub operates various services (platforms, services), but only services from explicitly listed domains / URLs are in the scope of the Bug Bounty Program. All other domains or explicitly listed services are therefore not eligible for reward and do not fall under the Legal Safe Harbor Agreement.

By participating in this Bug Bounty Program, Friendly Hackers undertake to document information about any vulnerability found exclusively via the platform's designated reporting form and nowhere else. They also agree to keep the found vulnerability secret for 90 days after reporting it on the platform. Finally, they undertake to upload to the platform any customer data that they have obtained as part of a bug bounty program, to delete any local copies afterwards, and not to distribute them further.

Friendly Hackers commit to not using methods that have a negative impact on the tested services or their users. These include, among others:

  • Social engineering
  • Spamming
  • Phishing
  • Denial-of-service attacks or other brute force attacks
  • Physical attacks

In addition to the prohibited hacking methods listed above, Friendly Hackers are required to immediately discontinue vulnerability scanning if they determine that their conduct will result in a significant degradation (negative impact on regular users or on the operations team) of the Platform's or Service's operations.

The following vulnerabilities and forms of documentation are generally not wanted and will be rejected:

  • Best practices that do not lead to a directly exploitable vulnerability (e.g. missing security headers).
  • Vulnerabilities based on software libraries from third parties, where the vulnerabilities are already known.
  • Reports of automated tools without additional explanations.

Targets

Not in scope: Third-party services and products such as Fidentity, Gmail, Keycloak, etc.

Procedure

  1. Register / Login @ Bug Bounty Hub
  2. Start looking for vulnerabilities, respecting the definitions in this program (scope, rules, ...).
  3. Report found vulnerabilities and support the platform and the customer in verifying them.
  4. Get paid for confirmed, new vulnerabilities.

Legal

The organisation gives its approval for Friendly Hackers to use hacking methods based on the specified bug bounty program. Due to this consent, the criminal liability criterion of unauthorized obtaining/unauthorized use and thus the criminal liability of the Friendly Hackers with regard to the criminal offenses in Art. 143 Swiss Criminal Code (Unauthorised obtaining of data) and Art. 143bis Swiss Criminal Code (Unauthorised access to a data processing system) does not apply.

Bounty Levels

Severity    Bounty
Critical    2'000-3'000
High        1'000-2'000
Medium      500-1'000
Low         200-500