Bug Bounty
Bug Bounty Program Policy
Objective
The Bug Bounty Program at Audit My Payroll aims to encourage responsible security research in our customer-facing systems, including our website and applications. We appreciate the valuable contributions of security researchers and believe that a responsible disclosure policy enhances the security of our platforms.
Scope of the Program
- Eligible Systems: All publicly accessible Audit My Payroll applications, APIs, and our official website.
- Ineligible Systems: Internal applications, third-party integrations, and systems acquired within the last six months.
Eligible Bug Types
- Security Vulnerabilities: Such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), authentication issues, and remote code execution.
- Data Exposure: Unauthorized access to or exposure of sensitive data.
Rewards
- Critical: AUD $200 – $500 for vulnerabilities like remote code execution or full database access.
- High Severity: AUD $100 – $200 for significant risks like SQL injection or substantial authentication bypass.
- Medium Severity: AUD $50 – $100 for vulnerabilities like cross-site scripting or moderate data exposure.
- Low Severity: AUD $20 – $50 for less impactful issues such as minor information leaks.
Reporting Process
- How to Report: Please report vulnerabilities by sending a detailed email to [email protected].
- Report Content: Include detailed steps to reproduce the issue, affected systems, and any other relevant information.
- Acknowledgment: We will acknowledge receipt of your report within 5 business days.
- Verification and Updates: Our security team will evaluate the submission and provide regular updates on the resolution process.
Legal and Ethical Guidelines
- Safe Harbour: Participants who adhere to this policy are assured of our cooperation and protection from legal action related to their findings.
- Confidentiality: We expect researchers to maintain the confidentiality of their findings until a fix is deployed.