We are dedicated to maintaining the security and privacy of the Brain services and customer data. We welcome security researchers and professionals from the community who want to help us improve the security of our products and services. You can submit any security vulnerability found in the Brain application to [email protected].
In order to be eligible for a reward under our bug bounty program, you must comply with the terms outlined below.
Brain offers the sandbox https://vapt.weservepayroll.xyz/ for testing security vulnerabilities.
All other Brain applications, websites, URLs, servers, endpoints, and other IT devices (including those of Brain’s customers and partners) are out of scope.
Researchers and security professionals must submit their profile (qualifications and achievements) to Brain at [email protected]. The Brain team individually reviews your qualifications and invites you to enter the program. Once your profile is accepted by our security team, we will give you additional support and application credentials for testing.
Typically, these are individuals who have established reputations, non-negative signals, and clear records with zero code of conduct violations. At times, we may also reach out to additional reputable individuals we believe would benefit the program.
No. You must first submit your credentials. Without the approval of Brain, you cannot be part of the program or be authorized to do any security testing on Brain’s application or website.
Rewards are distributed according to the impact of the vulnerability based on the severity per CVSS v3.1 Ratings.
Severity | CVSS Rating | Rewards |
---|---|---|
Critical | 9.0 to 10.0 | £ 100 |
High | 7.0 to 8.9 | £ 50 |
Medium | 4.0 to 6.9 | £ 25 |
The table above outlines the nominal rewards for the in-scope application environment. Brain, at its own discretion, will make the final decision on the bounties and rewards for qualifying vulnerabilities. In the event of duplicate reports, we award a bounty to the first person to submit an issue. The amounts may vary depending on the severity of the issue and the quality of the report. Brain reserves the right to make the final decision at its own discretion.
The following is a non-exhaustive list of reports that do not qualify for a reward under our bug bounty program: