The ‘Bounce Bug Bounty Program’ has been designed to encourage researchers to help Bounce discover vulnerabilities across our platforms. We appreciate the external contributions from the researcher community that help us make our platforms safer. Through the Bug Bounty Program, we look at recognizing and rewarding all valid contributions subject to the severity of the vulnerability reported.
Issues and vulnerabilities covered on different platforms of Bounce: Android App, iOS App, Website (bounceshare.com). Refer to the Rewards section for type of vulnerabilities covered in the Bug Bounty program.
Researchers should submit their findings that cover eligible vulnerabilities to: firstname.lastname@example.org. Only emails sent to this email address will be considered valid for the Bug Bounty Program.
While the monetary reward will be decided on the basis of the criticality and severity of the issue on a case-to-case basis, the following table outlines the indicative amount that each category will be eligible for:
|Type of Vulnerability||Reward|
|Sensitive Data Leaks, SQL Injections, Security issue in Payment||Up to Rs. 50K, depending on severity|
|Bike Vulnerabilities/Hacks, App Side Issues that can cause potential security problems||Up to Rs. 30K, depending on severity|
|API tweaks that can control Bounce trips||Up to Rs. 20K, depending on severity|
|App functionality issues||Up to Rs. 5K or Bounce Cash, depending on severity|
Certain exceptional contributors who help in identifying and fixing a bug that is categorized as “high-vulnerability” by us may also find a place in the ‘Hall of Fame’ listed on the website.
Contributors who report bugs with low severity that are not covered here may receive Bounce goodies.
Bounce will have the sole right to decide the Reward to be awarded under the Bounce Bug Bounty Program, and such amount may vary upon Bounce’s sole discretion.