We invite the community of security researchers to help us detect critical-, high-, medium- and low-impact vulnerabilities in our platform.
Security is a priority for us, and we believe a good way to improve it is by rewarding hackers who find a way to affect us in a controlled environment.
The details of our bug bounty program are at https://fintual.cl/security-policy.txt and are as follows:
We welcome software security researchers that want to help us hunt down vulnerabilities.
Should you find one, send it over.
We'll be filled with gratitude and reward you with up to $5,000 USD for critical
vulnerabilities.
Our program has very few rules for now, and we will react on a case by case basis, applying
our criteria to determine awards.
- Reproducible steps: If the report is not detailed enough to reproduce the issue,
the issue will not be eligible for a reward.
- One vulnerability per report: unless you need to chain vulnerabilities to provide impact.
- Duplicates don't get rewarded: we only award the first report that was received (provided
that it can be fully reproduced).
- One origin: Multiple vulnerabilities caused by one underlying issue will be awarded one
bounty.
- No social engineering: Phishing, vishing, smishing, etc. are prohibited.
- Don't be evil: Make a good faith effort to avoid privacy violations, destruction of data,
and interruption or degradation of our service.
Only interact with accounts you own or with explicit permission of the account holder.
$50 - Low impact / low risk
$150 - Medium impact / medium risk
$500 - High impact / high risk
$5,000 - Critical impact / high risk
To report to us:
https://fintual.cl/.well-known/security.txt
Contact: security~AT~fintual~DAT~com
Canonical: https://fintual.com/.well-known/security.txt
Encryption: https://fintual.com/pgp-key.txt
Acknowledgments: https://fintual.com/hall-of-fame.txt
Preferred-Languages: en, es
Policy: https://fintual.com/security-policy.txt