security features and the hassle involved with fixing it.

The Bounty Program

We appreciate and compensate security researchers who help us enhance security by reporting vulnerabilities. Financial rewards for such reports are solely at the discretion of rufalo.com, based on several factors, including risk, impact, and other considerations.

In order to be considered for a bounty, the following must be done:

Follow the guidelines given under “Fundamentals”.

Find and report a vulnerability in our services or infrastructure that poses a risk to security or privacy. (rufalo.com determines the severity of all issues, so there may be bugs that do not concern security.)

Make the submission in the security center, and do not contact employees about it.

If in the course of your investigation an instance of privacy violation or disruption is unintentionally caused (e.g., access of confidential data), kindly include it in your report.

We will look into all valid reports and provide responses. Due to the volume of reports submitted, responses are based on risk and other factors, so it may take a while for you to get one.

We may also publish any of the reports we choose.

Rewards Guidelines

The impact of the vulnerability governs our reward amount. We will refine the program in the future based on the feedback we receive; please feel free to provide any suggestions for improvement.

Please provide detailed reports, with a clear and concise description of all reproducible steps. Reports that are not detailed sufficiently to reproduce the issue may not be awarded a bounty.

In case of duplicates, the bounty will be awarded to the first fully reproducible report.

Multiple vulnerabilities caused by a single underlying issue will be awarded one bounty.

The bounty amount is decided based on the impact, ease of exploitation, and the quality of the report, along with the security features and the hassle involved with fixing it.