Videsk Bug Bounty Program

Bug Bounty Scope

The following websites are within the scope of the program:

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

General Requirements:

Please bear in mind we are interested in bugs, not user data. If you come across user information during your research, do not save, store, copy, transfer, disclose, or otherwise retain this information and please report it immediately to us.

Note that we are only able to answer technical vulnerability reports. Non-security bugs and queries about problems with your account should be instead directed to our customer support team.

Please perform your research in good faith. Please don’t publicly disclose a vulnerability without our consent and review. Our pledge to you is to respond promptly and fix bugs in a sensible timeframe - and in exchange, we ask for reasonable advance notice.

Reports that go against this principle will usually not qualify, but we will evaluate them on a case-by-case basis.

Any reports related to our customers' infrastructure or services will not be rewarded by us but will be received to notify them. (We'll appreciate it, we hope also them)

Testing Requirements:

More details: https://s.videsk.io

1. Check the out-of-scope reports here: https://s.videsk.io/excluded
2. Send the report by email only: Consider encrypting content and files using the GPG key.
3. Be clear: Please add much information as you need.
4. Reproducible steps: Check the report can be reproduced with the information you provide. If not contains enough info will be labeled as incomplete, discarding the report. (You will be notified)
5. Languages: We accept reports in English and Spanish. Please consider using translators if you don't speak these languages.

The following domains and subdomains are in the scope of valid reports:

- *.videsk.io

Any other domains are out of the scope of this policy. We provide services only on our base and unique domain.

Possible Awards:

We will determine the impact of your reported bug. Broadly speaking, the rewards usually start from USD $10.

In particular, we may decide to pay higher rewards for unusually clever or severe vulnerabilities or pay lower rewards for vulnerabilities that require unusual user interaction.

We may also decide a single report constitutes multiple bugs or that multiple reports are so closely related that they only warrant a single reward.

Videsk rewards bug bounty hunters on a first-come, first-served basis - the first comprehensive report for the same bug will be awarded any bounty.

Special Notes:

We are unable to issue rewards to individuals who are on sanctions lists, or who are in countries (e.g. Cuba, Iran, North Korea, Sudan, and Syria) on sanctions lists. You are responsible for any tax implications depending on your country of residency and citizenship.

Videsk rewards bug bounty hunters on a first-come, first served basis so if you find a vulnerability that has just been reported we will not reward you.

Of course, your testing must not violate any law, or disrupt or compromise any data that is not your own.