
CK-12 Foundation Bug Bounty Program

CK-12 Foundation runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program, subject to the below-mentioned conditions and requirements of CK-12 Foundation.

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene in the further process of vulnerability remediation and disclosure between CK-12 Foundation and researchers.

The bug bounty program allows private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

ck12.org

Non-Intrusive Submissions Handling

The following section covers submissions of vulnerabilities that do not require intrusive testing, as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect
- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

Please contact [email protected] with any disclosures. PoC videos or screenshots are always helpful.

Testing Requirements:

There are currently no testing requirements.

Possible Awards:

CK-12 does not pay for bugs, but may send some swag as a token of appreciation.

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
- Response Time: how quickly researchers get responses to their submissions.
- Remediation Time: how quickly reported submissions are fixed.
- Cooperation and Respect: how fairly and respectfully researchers are being treated.

Researcher's comments

No comments so far.
