Bug Bounty Program - Kyliekyler/MAGNETAR GitHub Wiki

Bug Bounty Program

MAGNETAR invites developers and security researchers to audit its functionality for vulnerabilities or security flaws.

Any security issues discovered should be reported to Kyliekyler. All reports that meet the conditions and scope indicated below and result in code or configuration changes are eligible for the bounty.

Rules and Principles

In general, MAGNETAR's bug bounty program aims to improve security by utilizing new and current penetration testing techniques. We expect security specialists to use common sense and act in good faith when conducting investigations. In keeping with this, the following non-exhaustive set of rules always applies:

  • Your testing must not infringe any laws or have a harmful impact on other users.

  • Vulnerabilities that are publicly disclosed or disclosed to third parties before being addressed are not eligible for our bug bounty program. This includes disclosure to vulnerability brokers.

  • Attempting to obtain access to MAGNETAR's source code is strictly prohibited.

MAGNETAR will not take legal action against anyone who conducts proper vulnerability research and disclosure in accordance with our policies.

Non-qualifying Issues

Reports should emphasize the vulnerability's security-related severity and impact. The following is a non-exhaustive list of concerns that do not normally qualify for our program.

  1. Key or session hijacking caused by external malware affecting the operating system

  2. Irrelevant scanner or automated tool reports

  3. Attacks that necessitate physical access to the user's device

  4. Vulnerabilities that are not repeatable due to obsolete or allegedly faulty versions of software

An issue may only be submitted once. Duplicate issues submitted by the same person or several people do not qualify; only the first report will be examined.

Program Scope

Any other bug (e.g. usability, interface, etc.) that has no impact on security should be reported on our dedicated public bug tracking channel instead.

Submission

If you have discovered an issue that is in scope and eligible, and you found it in compliance with our criteria, please report it to Kyliekyler.

We want all reports to be written in English and to adhere to a standard template, including spacing:

## Description: 
[Briefly describe the vulnerability, including its kind.]

## Steps to reproduce:
[1] Step one...
[2] Step two...
[n] Finally...

## Impact:
[What is the practical, concrete risk posed by this vulnerability?]

## Additional details:
[Preconditions, tools utilized, media evidence, session and timestamps when needed]

Prize

Valid reports that result in a change in code or configuration are eligible for a complimentary MAGNETAR+ subscription. We reserve the right, at our sole discretion, to decide the legitimacy of each report.