We are pleased to announce the launch of our Bug Bounty Program for specific software provided through www.askbtc.org.
For the purposes of this program, we use the following definitions:
In accordance with the terms of the program, we offer remuneration (remuneration) for any errors, vulnerabilities and exploits related to security (collectively, 'Errors') found on the website www.askbtc.org; Account registration service; WebREST API; AskBtc and related software; Support for AskBtc, including a website and related software, other software and related services that form the AskBtc trading system, referred to as the «reporting area».
You have the right to participate in this program if:
To qualify an error report, it must meet the following conditions:
We can reject any bug report that, in our sole discretion, does not meet these criteria.
This program is dedicated to identifying significant errors that have a direct and obvious impact on the operation and safety of our system and the data of our customers and / or can lead to loss of our or customers' funds and / or profits, illegal enrichment of any person. We do not qualify reports that affect the operation of our system, if the customer can solve the problem on his own.
Reports of errors and vulnerabilities in third-party software and services outside the reporting area are welcome (operating systems, libraries, browsers, plug-ins, host services, SDN, cloud software, services, CRM, forums, etc.), but they Do not correspond to general provisions. Such problems are investigated by the relevant suppliers. Nevertheless, the critical problems affecting our software, services, can be investigated by us.
Please note that we reserve the right to decline any representation that we define, in our sole discretion, falls into any of these categories of errors, even if it is eligible for a remuneration.
Any error reports should be made by e-mail at: bugreport@askbtc.org
The entire error report should be compiled in a clear and comprehensive manner and should contain at least the following:
The error report must be executed in a polite manner, can not contain any unsuitable language and / or other obscene content, and can not be otherwise compiled in such a way that it is understood by AskBtc and its personnel.
If during the investigation you unintentionally committed a breach of confidentiality (for example, you have access to the information of the AskBtc user account, service configurations or other confidential information), please indicate this in your error report.
There are no restrictions on the number of qualified error reports that can be provided and received by the applicant.
By sending us a bug report, you agree and acknowledge that you will not disclose the content of the bug report, including the current exploit code for the applicable vulnerability, and not use it in your own account.
If the error report meets the above requirements, you will receive an email message stating that your error report was successfully received by us.
Our research team will verify all correctly submitted bug reports and confirm their eligibility. AskBtc reserves the right to determine which error report is qualified. The study time may take a while. Please note that, given the number of submitted error reports and its complexity and completeness, it may take time to examine your error report. Please, refrain from disclosing the contents of your error report or publishing it on other resources.
The fee will be paid at own discretion of AskBtc, based on the quality and complexity of the reported error.
The minimum amount paid for a qualified error report is $ 100 to a maximum of $ 10,000.
The final amount is always chosen at the discretion of the research team and depends on the risk associated with the error in the matter, its impact on the relevant work of our services and other factors. In particular, we can decide to pay higher rewards for particularly critical vulnerabilities; The decision to pay lower rewards for vulnerabilities that interact with the user; The decision that several reports are so closely related to each other guarantees only one reward. The decisions taken by AskBtc are final for you.
After the error report is verified by our research team, you can be contacted so that you can provide the necessary documents to process your award. After we receive the documents and confirmation that you are eligible to receive payment under this program, we will process the application for a fee.
You should not use errors for your own or for third-party benefits, nor for damage to our trading system, software, etc.
You must not disclose the contents of your error report or publish it on other resources.
You should not break the law or compromise any data that is not your own, when testing an error or sending an error report.
When investigating an error, you should focus only on your own accounts. Never try to gain access to someone else's account or data and do not commit to any actions that may be unacceptable or damaging to other AskBtc users or AskBtc itself. When researching, you should not attempt to perform the following methods: DDoS attacks, the use of black technologies for SEO spies, spam people, do not write and do not use Expert Advisors that are error-based. We also prevent the use of any vulnerability testing tools that automatically generate very large amounts of traffic.
If our team finds out that you have committed the action specified in this paragraph, you will not be able to receive the award. If you report an error used during a current or past attack, and we have reason to suspect that you are an intruder, we reserve the right not to pay a reward.
We will not take any legal action, refund or protect you from any and all obligations in relation to your activities with errors in our reporting area, provided that you and your error report must remain in accordance with the terms of this Program.
By submitting your bug report to AskBtc, you are:
We can not pay compensation to persons living in countries under the sanctions of the United Nations Security Council or to countries entrusted with the Financial Action Task Force (FATF), urging its members and other jurisdictions to use countermeasures to protect the International Financial System from Current and significant money laundering and terrorist financing (ML / FT) risks arising from jurisdictions.
You are responsible for any tax consequences, depending on the country of residence and citizenship. There may be additional restrictions on your ability to participate in our Bug Bounty Program, depending on your local legislation.
If there is a dispute as to who is a qualified applicant, we will review the eligible applicant and notify the account holder of the email address used to register the account with AskBtc.
We reserve the right to publish lists of error reports and a list of experts who provided useful reports on security errors. You can notify us that you want to remain anonymous to the public, but we need to know your legal name and address to pay you.
If your error report is qualified, but you are under 14 years of age or you are considered a minor in your legal residence, we may require your parent or legal representatives to sign all necessary forms on your behalf. If you do not complete the required forms in accordance with the instructions or send the required forms within the time specified in the notification, we will not be able to complete the payment. We can not process the payment until we receive all the necessary documentation.
We can cancel this Bug Bounty program at any time when we deem it necessary for any reason.
Make sure you carefully read and understood the terms of this Bug Bounty program before sending us an error report. By sending us a bug report, you agree to these terms and conditions. If you do not want to accept these terms, do not send us an error report or otherwise participate in our Bug Bounty Program.
Thank you for your cooperation!