Vulnerability Disclosure Policy - Bug Bounty Program

We at FASTPOTATO PTE. LTD take security very seriously and are committed to safeguarding our systems and data from any potential threats. To help us maintain the security of our platform, we offer a bug bounty program with rewards for researchers who discover and responsibly report security vulnerabilities to us.

Our bug bounty program follows a rating system based on the Bugcrowd Vulnerability Rating Taxonomy, which includes the following severity levels:
Critical severity: $500 USD
High severity: $200 USD
Medium severity: $100 USD
Low severity: $50 USD
no reward
We appreciate the responsible disclosure of valid vulnerability reports and will reward security researchers for their efforts according to the severity level of the reported vulnerability. The rewards will be determined at our discretion based on the criticality of the vulnerability, the quality of the report, and any other relevant factors.
Out of Scope
The following activities are specifically excluded from our bug bounty program:
  1. Testing on alpha versions of our applications
  2. Social engineering, such as phishing, of our employees or customers
  3. Physical security testing of our offices, servers, or employees
  4. Testing of third-party software other than misconfigurations or vulnerabilities caused by the third-party software
  5. Self-XSS attacks
  6. Misconfigured or missing DMARC records
  7. Brute-force attacks
  8. DDoS attacks
If you have discovered a security vulnerability related to our platform, we encourage you to report it to us as soon as possible at [email protected]. We ask that you provide us with enough information to reproduce the issue, including a proof-of-concept or steps to reproduce the vulnerability. We also ask that you keep all information related to the vulnerability confidential until we have addressed it.
Once we receive your report, we will work to verify and respond to it as quickly as possible. We appreciate your cooperation and contributions to maintaining the security of our platform.