Terms of City-Data.com's Security Bug Bounty Program

Introduction

City-Data.com - Bug Bounty

At Advameg, we appreciate the importance of security research. Therefore, we hope to utilize the power of our community to maximize the safety of our systems. In order to maintain the maximum possible level of security, our team appreciates and encourages the responsible disclosure of any security vulnerability that may be found on the City-Data.com website.

If you’re looking for non-security related issue reporting, please visit: www.city-data.com/contacts.html

Basic rules

What does not qualify for a reward in our program?

How do I report an issue?

Please fill out the form located at: city-data.com/bug-bounty-report.php

We need some time to process all requests, especially those addressing more complicated cases. Please allow a few weeks for analysis.

Rewards

If we determine that a reported issue is valid and represents a security vulnerability previously unknown to us, we may issue a monetary reward between $250 and $3,000, depending on the severity of the vulnerability. We reserve the right to publish your handle or nickname if we issue a reward.

Residents of countries that are on U.S. sanctions or trade restrictions lists are ineligible to participate in the program. You are required to provide valid contact information and we will require your tax information if the payout is above $600. Any taxes due as a result of participation in the program are the sole responsibility of the participant.

If for any reason you are unable to or do not wish to accept a reward, you may donate it to a recognized charity (subject to approval). In this case, we will double bounty amount.

All award transactions will be completed through PayPal or check.

Additional questions?

If you need any further information, please contact us at

 

Go back to previous page or City-Data.com homepage.