You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

The Lexzur bug bounty program is designed to incentivize researchers and other members of the security community to report vulnerabilities in our systems. We offer rewards in the form of cash or other incentives for successfully identifying and disclosing vulnerabilities.

Scope

The scope of this bug bounty program includes all publicly accessible systems and services provided by Lexzur, including web and mobile applications, API endpoints, and other publicly accessible systems.

The following types of vulnerabilities are eligible for rewards:

  • Cross-site scripting (XSS)
  • Cross-site Request Forgery (CSRF)
  • SQL injection
  • Remote code execution (RCE)

Eligibility

To be eligible to participate in this bug bounty program, researchers must:

  • Be 18 years of age or older
  • Not be a current or former employee of Lexzur or any of its affiliates

Rules

  • Do not access or attempt to access sensitive data
  • Do not perform any actions that could harm our systems or users
  • Do not use any vulnerabilities contingent on social engineering, spamming, DDOS attack or other similar types of exploitation
  • Do not use similar technique that has already been reported and rewarded, subsequent reports of the same nature will not be eligible for additional rewards
  • 0-day vulnerabilities less than 30/60/90 days from patch release are ineligible for bounty


Submission Guidelines

  • Provide detailed steps to reproduce the vulnerability
  • Proof of Concept, Include any supporting evidence, such as screenshots or videos
  • Include Impact of the issue and how an attacker could exploit the issue
  • Affected target, feature, or URL

If your report doesn’t include the necessary information to allow us to reproduce the issue, we may not be able to accept your report or evaluate it for a bounty

Reporting

Researchers who believe they have discovered a potential vulnerability in Lexzur's systems should report it to our security team via the email address sec@lexzur.com

If similar vulnerabilities are reported, the payment may be split among those reporters, or it may be awarded to the first person who reported it.

Responsible Disclosure

Researchers are expected to follow responsible disclosure practices when reporting vulnerabilities. This means that researchers should not publicly disclose the vulnerability or exploit it for any purpose other than to demonstrate its existence to Lexzur's security team

By participating in this bug bounty program, researchers agree to these terms and conditions. Lexzur reserves the right to modify or terminate this program at any time

Management And Triage

All incoming reports will be reviewed and triaged by our security team. We will provide timely responses to participants, and will promptly pay out rewards for eligible vulnerabilities

Rewards

Lexzur will offer rewards for eligible vulnerabilities according to the following schedule:

  • Critical vulnerabilities: $200
  • High severity vulnerabilities: $150
  • Medium severity vulnerabilities: $50
  • Low severity vulnerabilities: $30

Lexzur reserves the right to validate/reject the reported vulnerability with a valid reason or to determine the severity of a vulnerability and the amount of the reward.

  • No labels