Bug Discover | BugD Village


Event Start Date: 8th August 2022 12:00 AM

Event End Date: 14th August 2022 11:59 PM

Bounty Issue Date: 30th August

Note: Rewards will be shipped to the respective researchers.

Note: Portal access will be issued to registered researchers only from the start date of the event.

Overview:

The agenda of this bug bounty event (BugD Village) is to promote energetic Indian researchers and to make Indian organizations aware of the importance of a responsible disclosure policy.

BugDiscover's ZeroDiscover Program is an initiative to make India a cyber-safe country. ZeroDiscover allows organizations that do not practice a responsible disclosure policy to receive, in a secure manner, sensitive vulnerabilities or threats identified by our security researchers. Sometimes security researchers come across threats or vulnerabilities in applications that are not listed on BugDiscover or any other bug bounty platform, and these go unreported to the concerned organizations because of the organizations' legal policies. On such occasions BugDiscover, a trustworthy platform, steps in, helping researchers make a responsible vulnerability disclosure, and takes up the pro bono work of escalating the reports confidentially to the organizations. The ZeroDiscover program awards a Certificate of Responsible Disclosure to researchers for valid submissions.

How ZeroDiscover Works:

  • The security researcher responsibly identifies vulnerabilities in publicly available applications/platforms/websites without exploiting them or disrupting the existing working model.
  • Once the vulnerabilities are identified, the security researcher can use BugDiscover's ZeroDiscover Vulnerability Submission Portal to submit them.
  • BugDiscover Program Managers triage the researchers' submissions and validate their accuracy. Once a submission is approved, the researcher's score and rank are updated on the Hall of Fame.
  • Once a researcher's ZeroDiscover submission is approved, our PRO team acts on behalf of the researcher to report the vulnerabilities, hassle-free, to the respective organizations.

Benefits for Researchers:

  • Exposure and learning towards vulnerabilities and bug hunting
  • A learning curve across different dimensions of technology
  • Understanding the seriousness of responsible disclosure
  • Self-evaluation of their own knowledge and team spirit
  • Recognition for the efforts of researchers on BugDiscover Hall of Fame

Bounties: (Bounties will be shipped to researchers on 30th August 2022)

  • All researchers who have successfully submitted a vulnerability and are listed on the Hall of Fame will be issued a Certificate of Responsible Disclosure and BugD Swags
  • The Top 10 Hall of Fame researchers will be issued a Certificate of Responsible Disclosure, BugD Swags and a Special Reward
  • The Hall of Fame topper (Rank 1) will be issued a Certificate of Responsible Disclosure, BugD Swags, a Special Reward and a Surprise Reward

In Scope:

  • Any publicly available application/platform/website that has no responsible disclosure policy
  • The organization owning the application/platform/website should be Indian or based out of India

Out of Scope:

  • Any platform that has a responsible disclosure policy
  • Any platform associated with or enrolled in any bug bounty program

Disclosure Policy:

By making any submission to the ZeroDiscover program, researchers agree to the In Scope and Out of Scope sections along with the following policy.

  • Researchers' bug hunting or vulnerability discovery should follow the In Scope and Out of Scope policy
  • Submissions should be made only through the ZeroDiscover Submission Portal
  • After a report is submitted, the program manager takes a reasonable amount of time to verify and approve the authenticity of the submission
  • Approval or rejection is based on the type of methods used to identify the bug, the severity of the bug and its impact
  • Ranking will be assigned according to the total CVSS score achieved by each researcher
  • The researcher should keep the report confidential until the organization or BugDiscover issues permission to make a public disclosure or publicly inform others of the findings
  • The researcher's communication will always remain only with the program manager (support@bugdiscover.com)
  • When a submission is made, we request that researchers give a well-explained process to reproduce the issue/vulnerability

Rules and Non-Qualifying submissions:

  • Strictly avoid: denial of service, spamming, social engineering, phishing, vishing, tailgating, brute-force attempts and physical attempts.
  • Vulnerabilities or threats identified through physical attacks (phishing, vishing, social engineering, and tailgating) are not allowed and, if submitted, will not be considered a qualifying submission
  • System, application or HTTP-generated error messages
  • Banner disclosure
  • Disclosure of known public files and/or directories
  • Clickjacking and issues only exploitable through clickjacking
  • CSRF on forms that are available to anonymous users
  • Logout Cross-Site Request Forgery
  • Auto Complete or Auto Save Passwords
  • Insecure HTTP Only cookie flags
  • Weak Captcha / Captcha Bypass

For any queries, reach us by email at support@bugdiscover.com