Bug Bounty
Welcome to the ArkLabs Digital Bug Bounty Program! We appreciate your interest in helping us ensure the security and integrity of our software and systems. Our Bug Bounty Program provides an opportunity for security researchers to identify and responsibly disclose vulnerabilities in our applications, websites, and infrastructure. We value your contributions and believe in fostering a collaborative approach to security.
Program Details:
1. Scope: Our Bug Bounty Program covers ArkLabs Digital's web applications, mobile applications, APIs, and associated infrastructure. Please review the defined scope before initiating any testing to ensure your efforts are focused on eligible assets.
2. Eligibility: The program is open to all security researchers aged 18 years or older. Individuals or teams are welcome to participate. Employees and contractors of ArkLabs Digital are not eligible for rewards but are encouraged to report vulnerabilities.
3. Vulnerabilities of Interest: We are primarily interested in receiving reports on critical vulnerabilities that could lead to unauthorized access, data breaches, privilege escalation, or remote code execution. However, we also encourage the reporting of other security issues such as Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), SQL injection, authentication bypass, and other significant security vulnerabilities.
4. Responsible Disclosure: We strongly emphasize responsible disclosure. Participants should not exploit any vulnerabilities beyond what is necessary to demonstrate the presence of a security flaw. We expect participants to adhere to ethical guidelines and refrain from any destructive or malicious activities, including the exfiltration or modification of data.
5. Rewards: Our Bug Bounty Program offers monetary rewards for qualifying vulnerabilities based on severity, impact, and the quality of the report. The reward range depends on the nature of the vulnerability and its potential impact. Additionally, we provide recognition for valid contributions through our Hall of Fame or public acknowledgments, subject to the researcher's consent. Rewards are subject to company resource availability. Submissions of bugs are not guaranteed to receive any reward, either monetary or physical.
6. Submission Process: To submit a vulnerability report, please follow the guidelines outlined in our Bug Bounty Program policy. It includes steps for reporting vulnerabilities, providing necessary details, and encrypting sensitive information. We appreciate clear and concise reports that include all relevant information to facilitate the triage and resolution process.
7. Coordinated Disclosure: We request that researchers do not publicly disclose any vulnerability until we have had sufficient time to address it. We are committed to coordinating disclosure timelines to ensure the necessary patches or mitigations are in place before any public disclosure.
8. Legalities and Safe Harbor: We understand that security research involves potential risks. As part of our Bug Bounty Program, we commit to not initiate legal action against researchers who comply with our responsible disclosure guidelines. We also expect participants to respect the legal boundaries and not engage in any activities that may violate applicable laws or regulations.
9. Program Updates: The Bug Bounty Program details, including scope, rewards, and submission guidelines, may be periodically updated. We encourage participants to review the latest information on our Bug Bounty Program webpage to stay informed about any changes.
10. Contact: If you have any questions or need assistance related to our Bug Bounty Program, please reach out to our Security Team at bugbounty@arklabsdigital.com.
Join us in securing our applications and infrastructure while earning rewards for your contributions. We appreciate your dedication to enhancing the security of ArkLabs Digital, and we look forward to partnering with you in our Bug Bounty Program.
Happy hunting and thank you for making the digital world safer!
Note: Please refer to the Bug Bounty Program policy for complete details and guidelines.