Bug Bounty Program
Help Us Improve Our Security
Program Overview
We value the security research community's efforts in helping us maintain a secure platform. Our bug bounty program rewards security researchers for responsibly disclosing vulnerabilities.
Scope
In Scope
- barkingspiderfarms.com and all subdomains
- Mobile applications
- API endpoints
- Customer portals
- Payment systems
Out of Scope
- Third-party services not operated by us
- Social engineering attacks
- Physical security testing
- DoS/DDoS attacks
- Spam
Reward Tiers
Severity | Description | Reward Range |
---|---|---|
Critical | Remote code execution, significant data breach risks | $1,000 - $5,000 |
High | Authentication bypass, sensitive data exposure | $500 - $1,000 |
Medium | XSS, CSRF, minor information disclosure | $100 - $500 |
Low | Security misconfigurations, best practice violations | $50 - $100 |
Submission Guidelines
Required Information
- Detailed description of the vulnerability
- Steps to reproduce the issue
- Impact assessment
- Suggested fix (if available)
- Screenshots or videos (if applicable)
Submission Process
- Create a detailed report using our template
- Encrypt sensitive information using our PGP key
- Submit via our secure reporting platform
- Wait for initial response (within 24 hours)
- Collaborate on verification and fix
Rules of Engagement
- Do not attempt to access other users' data
- Do not perform any actions that may affect system availability
- Do not disclose vulnerabilities publicly before they are fixed
- Do not use automated scanning tools without permission
- Respect user privacy and data confidentiality
Safe Harbor
We will not pursue legal action against researchers who:
- Make a good faith effort to avoid privacy violations
- Follow our disclosure guidelines
- Do not exploit vulnerabilities beyond proof of concept
- Report vulnerabilities promptly and responsibly
Response Timeline
- Initial Response: Within 24 hours
- Triage: 1-3 business days
- Fix Development: Based on severity
- Reward Payment: Within 30 days of verification
Hall of Fame
We recognize and appreciate the contributions of security researchers who help improve our security. View our Security Researcher Hall of Fame.