Bug Bounty Program

Help Us Improve Our Security

Program Overview

We value the security research community's efforts in helping us maintain a secure platform. Our bug bounty program rewards security researchers for responsibly disclosing vulnerabilities.

Scope

In Scope

  • barkingspiderfarms.com and all subdomains
  • Mobile applications
  • API endpoints
  • Customer portals
  • Payment systems

Out of Scope

  • Third-party services not operated by us
  • Social engineering attacks
  • Physical security testing
  • DoS/DDoS attacks
  • Spam

Reward Tiers

Severity | Description                                          | Reward Range
Critical | Remote code execution, significant data breach risks | $1,000 - $5,000
High     | Authentication bypass, sensitive data exposure       | $500 - $1,000
Medium   | XSS, CSRF, minor information disclosure              | $100 - $500
Low      | Security misconfigurations, best practice violations | $50 - $100

Submission Guidelines

Required Information

  • Detailed description of the vulnerability
  • Steps to reproduce the issue
  • Impact assessment
  • Suggested fix (if available)
  • Screenshots or videos (if applicable)

Submission Process

  1. Create a detailed report using our template
  2. Encrypt sensitive information using our PGP key
  3. Submit via our secure reporting platform
  4. Wait for initial response (within 24 hours)
  5. Collaborate on verification and fix

Rules of Engagement

  • Do not attempt to access other users' data
  • Do not perform any actions that may affect system availability
  • Do not disclose vulnerabilities publicly before they are fixed
  • Do not use automated scanning tools without permission
  • Respect user privacy and data confidentiality

Safe Harbor

We will not pursue legal action against researchers who:

  • Make a good faith effort to avoid privacy violations
  • Follow our disclosure guidelines
  • Do not exploit vulnerabilities beyond proof of concept
  • Report vulnerabilities promptly and responsibly

Response Timeline

  • Initial Response: Within 24 hours
  • Triage: 1-3 business days
  • Fix Development: Based on severity
  • Reward Payment: Within 30 days of verification

Hall of Fame

We recognize and appreciate the contributions of security researchers who help improve our security. View our Security Researcher Hall of Fame.

Submit a Vulnerability

Ready to submit a security vulnerability report?