DOCUMENTATION

Informations sur le Bug Bounty Program






How to report a security bug ?

You need an account on OpenBugBounty.org to be eligible for our Bug Bounty Program.
Rewards are granted at our discretion. Testing should be done on your own live Deploylab.eu account.
Request an invitation to our bug bounty program or join directly the program on OpenBugBounty.org and send us all information to security@deploylab.eu.


Before attempting anything, reporting a security bug or joining our program, please be aware that testing our environment can be designated as a criminal act by the relevant authorities if you are violating Belgium law or any other law. Please be aware that our rules do not supersede any applicable laws. However, if you join the Bug Bounty Program, we will not report you to the authorities if you abide by the rules provided as long as we are not required to do so by applicable laws. Otherwise, we will consider it like a hack and system intrusion and we will report you to the authorities.



Why Deploylab.eu has a bug bounty program ?

Security has the highest priority at Deploylab.eu and we're continuously working to provide secure products. We follow international standards as defined by leading tech companies and security communities. However, no technology is perfect, and Deploylab.eu believes that working with skilled security researchers and bug bounty hunters is crucial to identifying weaknesses in any technology.

If you find a security bug in scope of our bug bounty program, we would really appreciate it if you would report it to us. This way, we can further improve the security and reliability of Deploylab.eu.


What to look for : We are generally interested in XSS injection, sensitive data exposure, privilege escalation, security misconfigurations or usage of outdated/unsafe libraries.



Direct reports

Signing up for OpenBugBounty.org is free. We encourage all researchers to join the program there. If, for security or legal reasons, you cannot use OpenBugBounty.org, we still appreciate direct reports. These reports are not eligible for Bug Bounty rewards. If you have such a case, you can email us to security@deploylab.eu.