The BI.ZONE Bug Bounty platform connects companies and bug hunters
The platform gives organizations a clear picture of how secure their IT assets are, while independent researchers earn rewards for discovering vulnerabilities.
Create powerful bug bounty programs together with BI.ZONE
We will help you craft your program, define its scope, and offer appropriate terms for bug hunters. This will make the bug bounty program appealing to security researchers and valuable to you.
Delegate triage
We are ready to triage all detected vulnerabilities. All you have to do is receive verified reports and approve payments to independent researchers.
Choose bug hunters that meet your requirements
You get to decide who can access your program. For instance, you can specify the must-have skills and experience or even send out personal invitations by email.
Use convenient reporting tools
Markdown allows you to neatly describe the program. Filtering (by date, status, etc.) allows you to navigate reports more easily. The role model allows for more effective administration of the process.
Use a solution from the Register of Russian Software
The BI.ZONE Bug Bounty platform has been registered by the Ministry of Digital Development, Communications and Mass Media of the Russian Federation in the Register of Russian Software.
Programs on the platform
Publications
Self-employed bug hunter: maximum payouts, minimum paperwork
The BI.ZONE Bug Bounty platform allows bug hunters to legally search for vulnerabilities in companies and receive rewards for doing so. Each company sets the reward amount individually, depending on the criticality of the vulnerability and its impact; this is something we cannot influence. But when developing our platform, we tried to take the researcher's interests into account and make the process of receiving payouts as beneficial and convenient for them as possible.
A month of hardcore bug hunting: launching BUGS ZONE!
Introducing BUGS ZONE. It is two weeks of hardcore bug hunting and a closed meetup in Moscow with a limited number of seats.
Submit bugs on our platform, get into the top, and we will see you at the meetup on April 12 :)
We have seen cases where a bug is defined as any error on a website: a button that didn't work or a misplaced comma. But within the bug bounty framework, we are talking strictly about cybersecurity vulnerabilities, for example errors that lead to remote code execution on API nodes. For more information on where to look for such bugs and what else they can be, see the detailed description of each program, freely available on the platform at https://bugbounty.bi.zone/companies.
We found critical vulnerabilities, but they're not included in the scope. Can I get a payout for them?
It's awesome that you were able to find vulnerabilities that impact a company's cybersecurity! But keep in mind that submitting bugs outside of the given scope could be a thankless task. The company may not be able to pay for such reports because they did not budget for it. Your time and effort will have been spent in vain.
What to do if a company refuses to pay for a discovered vulnerability?
In conflict situations, it is better to present arguments rather than appeal to emotions. You may suggest revising the size of the award. In any case, do not be afraid to contact our support specialists with independent expertise in the field of information security. We will help you sort things out because one of the goals of the BI.ZONE Bug Bounty platform is to build beneficial cooperation for everyone. Hence, we strive to mediate difficult situations.
Is bug bounty even legal?
We often get this question from researchers. If the bug hunter acts as stipulated in the program, then everything is legal. But attacking a company's infrastructure with DDoS attacks or social engineering methods is forbidden in the vast majority of cases, and this is stated in the terms and conditions.
In what format should I submit the report to guarantee a payout?
Our developers thought of all the tools you need to generate the perfect report. Use markdown to make the found vulnerabilities look clear and appealing. You can also use ready-made templates to save time. Be sure to send all proofs of work along with the report: a screenshot, a PoC video, a script or a Burp file that will help the company verify the vulnerability. All this will show that you actually exploited the vulnerability, and that you did it as a white hat. The more evidence you have, the more likely you are to earn a reward. Alas, the vendor does not pay for theoretical exploitation, so aim to present practical evidence.
Is it only individual persons who can bug hunt on the platform?
No. There are three tax statuses to choose from. You can enter into a civil law contract with us as an individual. But it is more advantageous to be self-employed or an individual entrepreneur.
What is the difference between being self-employed or an individual entrepreneur?
Individual entrepreneurs undergo state registration, choose a taxation system, and pay insurance premiums.
Self-employment is simpler. It is suitable for those who already have a regular job, and bug hunting is their spare time activity. It has significant advantages:
· Quick and easy registration with konsol.pro takes only 10 minutes. A detailed description of the process can be found on the platform's blog.
· An ordinary bank account is suitable for receiving payments, no special current account is needed.
· The tax payment process is automated thanks to the integration with konsol.pro.
How do I change my tax status?
If you initially registered with konsol.pro as an individual and later decide to claim rewards under a different status, you do not need to delete the account. You do not need to write an additional application to change your tax status either. All you need is to contact our support. In an email to bb@bi.zone or a message in Telegram @BizoneBugBountySupport, specify your full name and describe the situation. We will help.
Bug found. What do I do next?
The general process for bug bounty on our platform looks as follows:
1. You find a bug and send a report to the company through the platform.
2. The company confirms the bug and sets a reward depending on its criticality.
3. When you receive a notification that the company is ready to pay you the bounty, you register in konsol.pro and specify your account details. You can do this through the profile settings on the platform or via the link.
4. After the payment provider verifies you, you sign a contract with BI.ZONE Bug Bounty via konsol.pro, as well as a statement of the work conducted.
5. The payment is in your account (usually within 30 hours). This and other information will come via push notifications.
I cannot find the answer to my question here. Who should I ask?
We did our best to cover all issues in these recommendations, but if you haven't found what you were looking for, write to our support at bb@bi.zone or Telegram @BizoneBugBountySupport.