
Get Paid to Report Serious Bugs and Security Issues

Put your experience to work for cash or store credit but, most of all, to make everyone's experience here better and more secure.


Responsible Disclosure

If you check out or submit contact or lead forms, use "Test" as your first and last name. Keep order values on checkout tests below $100.
Make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our services. Do not access or modify data that does not belong to you. Do not make any information public until the issue has been resolved.

In order to encourage responsible disclosure, we will not bring legal action against researchers who point out a problem provided they do their best to follow the above guidelines.


This is Eligible

We decide if the minimum severity threshold is met and whether it was previously reported. Anything which has the potential for financial loss or data breach is of sufficient severity, including:

$US 1,000.00 Remote code execution / SQL injection
$US 300.00 Authentication bypass or privilege escalation
$US 300.00 Clickjacking
$US 300.00 Obtaining user information but not enumeration
$US 150.00 XSS
$US 150.00 CSRF
$US ? Other at our discretion

This is In Scope

.silvergoldbull.com
.silvergoldbull.de
.sgb.co

This is Outside of Scope, Not Eligible

Vulnerabilities on sites hosted by third parties unless they lead to a vulnerability on the main website
Denial of service
Spamming
Previously reported
Out of date software
Best Practices
Enumeration
SPF except for silvergoldbull.com
Attacks requiring physical access to a user's device
Password and account recovery policies, such as reset link expiration or password complexity
Missing security headers which do not lead directly to a vulnerability
Use of a known-vulnerable library (without evidence of exploitability)
Issues related to software or protocols not under Silver Gold Bull control
Reports from automated tools or scans
Reports of spam
Vulnerabilities affecting users of outdated browsers or platforms
Social engineering of Silver Gold Bull staff or contractors
Any physical attempts against Silver Gold Bull property or data centers

Apply Rate Limits of 1 per second to Automated Scanning

If you employ automated scanning tools, their requests must be rate limited so that they do not exceed 1 request per second. Failure to do so may be considered a DoS attack and will result in disqualification. Automated vulnerability scanners commonly report low-priority issues and/or false positives. Before submitting the results from a scanner, please take a moment to confirm that the reported issues are actually valid and exploitable. Please submit an issue only if you have a reproducible proof-of-concept.

Send a Rich Report

Include detailed steps for reproducing the bug. If valuable, please include any screenshots, links you clicked on, pages visited, etc. Quality, not quantity. Stay focused on the technical details and provide precise explanations; steer clear of off-topic commentary. Provide a concrete attack scenario: how will this impact the company or our users?

We will respond to reports according to severity.