Think you've found a vulnerability?
Your insight and discoveries are good for our deep appreciation and a cash reward.
| Severity | Reward | Example |
| --- | --- | --- |
| Low | $100 - $249 | E.g. functionality-disrupting |
| Medium | $250 - $999 | E.g. escalated privileges leading to disallowed access within an account |
| High | $1,000 - $4,999 | E.g. escalated privileges leading to access outside one's account |
| Critical | $5,000 - $10,000 | E.g. RCE, arbitrary SQL injection payloads |
We'll provide rewards to reporters who submit original, in-scope vulnerabilities. Each report is assessed based on criticality, impact and risk to our customers and our company.
Our minimum reward is $100. We may choose to grant bonuses or larger rewards for critical vulnerabilities, more creative exploits, and more insightful reports.
One reward per bug; first discovery claims it; ties break toward the best report.
Generally speaking, the whole of the CoachAccountable app, including its hosting environment, is in scope: any means of gaining actual access to app data you ought not be able to access.
This is a long list. It reflects common "vulnerability" reports that either depend on the unsafe/insecure behaviors of other users (which we cannot control) or are merely ostensible "best practices", the violation of which cannot actually be meaningfully exploited.
In your efforts as an ethical hacker to find and report vulnerabilities for the bug bounty program, the following are off limits:
This works because we work together. Contact us with any questions:
security@coachaccountable.com