We welcome skilled researchers to share with us any impactful and in-scope issues and the techniques used to exploit them in our products.
If you believe you've found a security bug in our services, we appreciate your cooperation in responsibly investigating and reporting it to us. We are happy to work with you to resolve the issue promptly and ensure you are fairly rewarded for your discovery.
Our Bug Bounty Program offers bounties for bugs which meet the following criteria.
The bug has a direct security impact and falls under one of our Vulnerability Categories. The minimum reward for eligible bugs is $10 USD and the maximum reward can be up to $500 USD.
Bounty amounts are decided by the KodeMint team and are not negotiable. One valid bug equals one reward. Acceptance requires multiple valid reports and remains at the discretion of our team.
You should be the first to report this issue to us. Your submission must contain sufficient information, including a proof-of-concept screenshot, video, or code snippet where needed. You must agree to participate in testing the effectiveness of the countermeasure applied to your report. You agree to keep any communication with KodeMint private. The bug must fall under one of the items explicitly listed as Vulnerability Categories here:
Cross-Site Request Forgery, Cross-Site Scripting, Open Redirects, Cross-Origin Resource Sharing, SQL Injections, Server-Side Request Forgery, Privilege Escalation, Local File Inclusion, Remote File Inclusion, Leakage of Sensitive Data, Authentication Bypass, Directory Traversal, Payment Manipulation, Remote Code Execution