Last Updated: July 27, 2024
Bug Bounty
Welcome to the Penciled Bug Bounty Program. The security of our users is of paramount importance to us, and we believe that working with skilled security researchers can help identify and resolve vulnerabilities. We invite security researchers to test our platform and report any security issues.
1. Scope
Our bug bounty program covers the following areas:
API
Platform
2. Rewards
Critical: $99
High: $49
Medium: $29
Low: $19
3. Reporting a vulnerability
To report a vulnerability, please follow these steps:
Create an account on our chosen bug bounty platform HackerOne.
Submit your report detailing the vulnerability, including steps to reproduce, potential impact, and suggested remediation.
Include any relevant screenshots, logs, or other supporting information.
We will review each submission and respond as quickly as possible. If your report is valid and in scope, we will work with you to remediate the issue and determine the appropriate reward.
4. Terms and Conditions
Only the first person to report a specific vulnerability will be eligible for a reward.
Public disclosure of the vulnerability is prohibited until it has been resolved and permission is granted.
Employees of Penciled and their family members are not eligible for rewards.
For more details and to participate in our bug bounty program, please visit our page on HackerOne.
Thank you for helping up keep Penciled secure.