Service introduction for security experts

Sign up here


Service Usage Procedures

You can get a reward by participating in the BugBounty program and reporting a security bug.

  1. 01

    Sign up

    Please register for a new account on sign up page.

  2. 02

    Investigation on objective program

    Please investigate within the scope written in the program details. Please ensure the rule carefuly. When you don't follow the rules, possibility the vulnerability may not be accepted. Vulnerabilities that are recognized for the rewards are fixed in advance. Please check the excluded vulnerabilities' information as well.

  3. 03

    Report a bug

    When you find a bug, please work on a report from a “report button” found in the upper part of the program detail.
    The more detailed and better-written report have a greater chance being recongnized quicker.

  4. 04

    Get a reward if the report got eligible

    The reward will be paid by the end of the following month of when the bug got eligible. Please register your payment method by the last day of the month of the first eligible.

If your report got eligible,
points will be given

Ranking is determined according to the number of points. You can get points based on the reward you get (1pt/¥1,000). Even though in case the bug you found is not eligible, there is a possibility that a fixed number of points will be given.

Invitation for the Private program

Those who submit beneficial reports will be invited to the private program. Invitation for the private program is conducted in consideration of past performance.

Examples of Rewards

This platform advises clients to judge the risk and calculate the reward based on CVSS v3. The range of the reward is followings.

Examples of BugBounty.jp (Sprout Inc.)

  • Command Injection


  • SQL Injection


  • Cross-site Scripting


  • Rate Limit


  • Cross-site Request Forgeries


  • What is CVSS?

    CVSS (Common Vulnerability Scoring System) is a opend and general scoring method for vulnerabilities in information systems, and it provides common scoring method which does not rely on venders. You can compare the severity levels quantitatively under the same standard. For further information, please refer to the link.

    Explanation by IPA (external site)

    We are looking forward for
    the registrations of seurity experts.

    Sign up for
    Hackers and Security Experts