DOCUMENTATION

Informations sur le Bug Bounty Program






How to report a security bug ?

You need an account on OpenBugBounty.org to be eligible for our Bug Bounty Program.
Rewards are granted at our discretion. Testing should be done on your own live Face-h.eu account.
Request an invite to our bug bounty program or join directly the program on OpenBugBounty.org and send us all informations to bugbounty@face-h.eu.


Before attempting anything, reporting a security bug or joining our program, please be aware that testing our environment can be designated as a criminal act by the relevant authorities if you are violating Belgium law or any other law. Please be aware that our rules do not supersede any applicable laws. However, if you join the Bug Bounty Program, we will not report you to the authorities if you abide by the rules provided??as long as we are not required to do so by applicable laws. Otherwise, we will consider it like a hack and system intrusion and we will report you to the authorities.



Why Face-h.eu has a bug bounty program ?

Security has the highest priority at Face-h.eu and we??re continuously working to provide secure products. We follow international standards as defined by leading tech companies and security communities. However, no technology is perfect, and Face-h.eu believes that working with skilled security researchers and bug bounty hunters is crucial to identifying weaknesses in any technology.

If you find a security bug in scope of our bug bounty program, we would really appreciate it if you would report it to us. This way, we can further improve the security and reliability of Face-h.eu.


What to look for : We are generally interested in XSS injection, sensitive data exposure, privilege escalation, security misconfigurations or usage of outdated/unsafe libraries.



Direct reports

Signing up for OpenBugBounty.org is free. We encourage all researchers to join the program there. If, for security or legal reasons, you cannot use OpenBugBounty.org, we still appreciate direct reports. These reports are not eligible for Bug Bounty rewards. If you have such a case, you can send us an email to bugbounty@Face-h.eu.