We are committed to the security of our products.
We at KodeMint welcome skilled researchers to share with us any impactful and in-scope issues and the techniques used to exploit them in our products.
If you believe you've found a security bug in our apps or services, we appreciate your cooperation in responsibly investigating and reporting it to us. We are happy to work with you to resolve the issue promptly and ensure you are fairly rewarded for your discovery.
You can submit your reports by sending us an email at hi@kodemint.in. When submitting your report, kindly provide the following details:
Our Bug Bounty Program offers bounties for bugs which meet the following criteria:
The bug has a direct security impact and falls under one of our Vulnerability Categories. The minimum reward for eligible bugs is $10 USD and the maximum reward can be up to $500 USD.
Bounty amounts are decided by the KodeMint team and are not negotiable. One valid bug equals one reward. Acceptance requires multiple valid reports and remains at the discretion of our team.
You should be the first to report this issue to us. Your submission must contain sufficient information including a proof of concept screenshot, video, or code snippet where needed. You must agree to participate in testing the effectiveness of the countermeasure applied to your report. You agree to keep any communication with KodeMint private.
The bug reports must be related to one of our products! Do not submit reports related to our website, product web pages, third-party packages and third-party packages installed on sub-domains. For example, any report on kodemint.in, auth.kodemint.in, signal.kodemint.in, signalv2.kodemint.in, ice.kodemint.in, janus.kodemint.in etc. will be ignored.
The bug must fall under one of the items explicitly listed as Vulnerability Categories here: Cross-Site Request Forgery, Cross-Site Scripting, Open Redirects, Cross Origin Resource Sharing, SQL injections, Server Side Request Forgery, Privilege Escalation, Local File Inclusion, Remote File Inclusion, Leakage of Sensitive Data, Authentication Bypass, Directory Traversal, Payment Manipulation, Remote Code Execution.
If you need to share screenshots or videos, please upload them to your own Google Drive or any other upload service that is NOT public, and share with us the links to those files in the form.
Please allow us up to 10 days to respond before sending another email on the matter.