Service introduction for security experts
Service Usage Procedures
You can get a reward by participating in the BugBounty program and reporting a security bug.
Please register for a new account on sign up page.
Investigation on objective program
Please investigate within the scope written in the program details. Please ensure the rule carefuly. When you don't follow the rules, possibility the vulnerability may not be accepted. Vulnerabilities that are recognized for the rewards are fixed in advance. Please check the excluded vulnerabilities' information as well.
Report a bug
When you find a bug, please work on a report from a “report button” found in the upper part of the program detail.
The more detailed and better-written report have a greater chance being recongnized quicker.
Get a reward if the report got eligible
The reward will be paid by the 15th of the following month of when the bug got eligible. Please register your payment method by the last day of the month of the first eligible.
If your report got eligible,
points will be given
Ranking is determined according to the number of points. You can get points based on the reward you get (1pt/¥1,000). Even though in case the bug you found is not eligible, there is a possibility that a fixed number of points will be given.
Invitation for the Private program
Those who submit beneficial reports will be invited to the private program. Invitation for the private program is conducted in consideration of past performance.
Examples of Rewards
This platform advises clients to judge the risk and calculate the reward based on CVSS v3. The range of the reward is followings.
Examples of BugBounty.jp (Sprout Inc.)
Cross-site Request Forgeries
What is CVSS?
CVSS (Common Vulnerability Scoring System) is a opend and general scoring method for vulnerabilities in information systems, and it provides common scoring method which does not rely on venders. You can compare the severity levels quantitatively under the same standard. For further information, please refer to the link.Explanation by IPA (external site)
Hackers and Security Experts