WiseHosting Bug Bounty Program

The WiseHosting Bug Bounty Program invites cybersecurity enthusiasts, ethical hackers, and security researchers to collaborate with us in enhancing the security of our digital infrastructure. We value staying ahead of potential security risks and addressing vulnerabilities to ensure a safe and reliable experience for our customers.

Why a Bug Bounty Program?

Cybersecurity is critical when developing complex systems and services. Despite our best efforts, no system is entirely immune to vulnerabilities. Through the WiseHosting Bug Bounty Program, we aim to strengthen our security posture with the help of talented individuals, ensuring our systems are as robust as possible.

How It Works

Discover: Security Researchers can commence testing and exploration within the defined parameters, hunting for potential vulnerabilities according to the Scope and Eligibility and following the Rules of Engagement.

Report: Upon discovering a security issue, participants can submit a detailed report by sending an email to [email protected] with their findings.

Validation: Our team of experts will promptly review each submission to verify its legitimacy and severity and will provide a reply in less than 1 week after receiving the message.

Reward: Valid reports will be rewarded based on the severity of the vulnerability and adherence to our guidelines. Rewards include monetary compensation, recognition, and our heartfelt gratitude for contributing to our security efforts. Rewards for confirmed vulnerabilities are expected to be paid out within 1 month of the reporting date.

Resolution: Once validated, our team will work diligently to address and remediate the reported vulnerabilities in the shortest time possible.

Scope and Eligibility

The WiseHosting Bug Bounty Program covers the following items:

Web applications: *.wisehosting.com

Authentication mechanisms

Infrastructure Security

Response Timeframes

Fatal vulnerabilities: followed up and dealt with within 48 hours, and preliminary conclusions and ratings will be given.

High-risk vulnerabilities: dealt with within 3 working days, and preliminary conclusions and scores will be given.

The remaining vulnerabilities will be followed up and scored within 7 working days. If the reporter thinks it is an emergency, an email can be sent to [email protected], and the email will be processed after confirmation by the auditor.

The repair time for vulnerabilities generally does not exceed 30 days, and the difficulty of repairing vulnerabilities may vary.

Vulnerability Tiers

Vulnerabilities are categorized based on their severity:

  • Critical: Server access exploits, remote code execution, unauthorized access to admin control panels.
  • High: Data breaches from misconfigurations, API vulnerabilities, or insecure file handling.
  • Medium: Insufficient data encryption, information leakage, or privilege escalation.
  • Low: Information disclosure, clickjacking, or CSRF vulnerabilities.

Monetary rewards will correspond to the severity of the vulnerability.

Rules of Engagement

Participants must follow these guidelines:

  • Respect user privacy and data confidentiality.
  • Avoid actions that disrupt or compromise WiseHosting services.
  • Adhere to all relevant laws and regulations.

Prohibited Actions:

  • Exploiting vulnerabilities to harm users or WiseHosting systems.
  • Downloading or misusing sensitive data during testing.
  • Engaging in activities that cause downtime or harm to WiseHosting services.
  • Maliciously exaggerating vulnerability impacts or publicly disclosing them before resolution.
  • Violating international or local laws during testing.

Report a Bug

Ready to contribute? Send your findings to [email protected] and help make our systems safer for everyone.

Disclaimer

WiseHosting reserves the right to modify the Bug Bounty Program's terms and conditions without prior notice. Participation implies acceptance of the program's rules and guidelines. Rewards are subject to change based on vulnerability severity and impact.