Bug Bounty Program
IntroductionCodeChef was created as a platform to help programmers make it big in the world of algorithms, computer programming, and programming contests. Apart from providing a platform for programming competitions, CodeChef also has various algorithm tutorials and forum discussions to help those who are new to the world of computer programming. Bug Bounty Program is our recent addition at CodeChef. The program is started to seek help from the community members to identify and mitigate security threats. Maintaining effective security is a community effort, and to recognize their efforts and the important role they play in keeping our Platform safe for everyone we offer a bounty for reporting certain qualifying security vulnerabilities. Please make sure you review the following program rules before you report a vulnerability. By participating in this program, you agree to be bound by these rules. Policy StatementOur public bug bounty program aims to continue improving the security of our products and services while strengthening our relationship with the community. We recognize and reward security researchers who help us keep people safe by reporting vulnerabilities in our products and services. Our rewards come in the form of Laddus, you can refer the criteria to redeem the same at https://www.codechef.com/laddu. Every bug you report is rewarded based on the level of severity. The participants of this program understand and agree that only reports that meet the eligibility criteria shall receive Laddus. Further, you must comply with all applicable laws in connection with your participation in this program. We may modify the terms of this program or terminate this program at any time. PurposeThe purpose of this policy is to encourage and allow independent security researchers to report bugs to an organization and receive rewards or compensation. These bugs are usually security exploits and vulnerabilities, though they can also include process issues, hardware flaws, and so on. These rewards in return encourage the developers to discover and resolve bugs before the public is aware of them, preventing incidents of widespread abuse. Validity of the LaddusThe Laddus shall be valid and can be redeemed within a period of three years from the date when the Laddu is credited (applicable for all Laddus credited from 1st April 2021). The Laddus that are already credited and not redeemed yet shall be redeemable and valid till 31st March 2024. Application of PolicyThis policy applies to anyone and everyone who will report a bug to us. Bug bounty program processesThe points to keep in mind while reporting a bug are as follows:
Disclosure GuidelineDiscussing bugs publicly (or with anyone) without CodeChef's consent will void the rewards and may result in serious repercussions. Reasons for disqualifyingThe reasons when a report can be disqualified are:
Kinds of Bugs and reward for the same
Rules
Policy ReviewThis policy is subject to internal review by CodeChef from time to time to establish its efficacy. CodeChef will make changes to this policy from time to time to improve the effectiveness of its operation. In this regard, any reporter who wishes to make any comments about the Policy may forward their suggestions to bugs@codechef.com. |