Introducing the Bug Bounty Program at Bankera
With a growing number of customers placing their trust in us, we strive to ensure that all their expectations are met. There is no doubt that every customer expects the highest level of security when entrusting their funds to Bankera, which we consider our top priority. For this reason, we implement various security measures, such as second-factor authentication. Now we have decided to add another one – a bug bounty program designed to work hand in hand with our community.
What is a bug bounty program?
A bug bounty program offers rewards (so-called bounties) to users who encounter a vulnerability on an online platform. Such programs help eliminate bugs in a website, product or service. In addition, they protect the platform from potential threats and ensure that it functions safely.
Our Cybersecurity team works relentlessly towards preventing any vulnerability in the system. However, there is always a small chance that some bugs will persist. We think that the Bankera bug bounty program is an excellent way to fix every single error and keep the platform running smoothly.
How to report a bug at Bankera?
There is no universal way of reporting online vulnerabilities. However, at Bankera, we value clear and thorough bug reports, as they help us reproduce and fix the problems faster. Here are some guidelines on filing a high-quality bug report:
Provide a clear and detailed report. You should submit bug reports with a comprehensive step-by-step proof of concept that would help us reproduce and evaluate the problem. For instance, a report that explains a web-related error should at least include:
- HTTP requests and responses together with the affected parameters
- Videos or screenshots (if needed)
- Description of the browser (type), operating system, and device
- Description of the perceived effect of the bug
- Suggestions on how to solve the issue (if possible)
Keep it private. Do not publicly disclose any files or details of the bug you found. This includes uploads to any publicly available platforms (e.g. YouTube, Imgur, Pastebin, etc.).
Make it safe. Encrypt the report and any necessary attachments with our PGP Public Key.
Share with us. Send your bug reports to [email protected]. Our Cybersecurity team will try to reproduce and verify the bug. Then, we will decide if the bounty can be paid.
What reward should I expect for participating in a bug bounty program?
At Bankera, bounties are awarded according to the severity of the reported vulnerability. For instance, reporting a bug of medium severity could earn you a reward of $200 - $1,000. We have not set a maximum reward for the reported bugs – the more critical the issue is, the higher the reward for the user. We base the bounties on three main criteria.
First, we evaluate the quality of the bug description. Larger bounties are allocated for clear and extensive reports that describe the bug and explain its potential impact on the platform.
Secondly, our team checks the quality of the proof of concept. A useful bug report should contain the script, testing code and detailed instructions on how to reproduce the vulnerability on our system. Authors of such reports can be awarded a higher bounty.
Lastly, we encourage our community to include suggestions for fixing the problem in their bug bounty reports. In this way, you can help us not only by spotting potential threats but also by assisting in eliminating them, and receive a higher reward.
We believe that working closely with our community will lead to the perfection of our internet banking platform. Read more about Bankera’s bug bounty program and contribute to our security now!
16 December, 2020