We invite the community of security researchers to help us detect vulnerabilities of critical, high, medium and low impact on our platform.
Security is a priority for us, and we believe a good way to improve it is to reward hackers who find a way to affect us in a controlled environment.
The details of our bug bounty program are at https://fintual.cl/security-policy.txt and are as follows:
We welcome software security researchers that want to help us hunt down vulnerabilities. Should you find one, send it over. We'll be filled with gratitude and reward you with up to $5,000 USD for critical vulnerabilities.

Our program has very few rules for now, and we will react on a case by case basis, applying our criteria to determine awards.

- Reproducible steps: If the report is not detailed enough to reproduce the issue, the issue will not be eligible for a reward.
- One vulnerability per report: unless you need to chain vulnerabilities to provide impact.
- Duplicates don't get rewarded: we only award the first report that was received (provided that it can be fully reproduced).
- One origin: Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.
- No social engineering: Phishing, vishing, smishing, etc. are prohibited.
- Don't be evil: Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

$50 - Low impact / low risk
$150 - Medium impact / medium risk
$500 - High impact / high risk
$5.000 - Critical impact / high risk

Contact: security~AT~fintual~DAT~com
Canonical: https://fintual.com/.well-known/security.txt
Encryption: https://fintual.com/pgp-key.txt
Acknowledgments: https://fintual.com/hall-of-fame.txt
Preferred-Languages: en, es
Policy: https://fintual.com/security-policy.txt