Introduction

Welcome to the Getequity Bug Bounty Program. As a company, Getequity is committed to ensuring the security and privacy of our customers’ data. To assist us in identifying potential flaws on our platform, we are inviting ethical hackers and security researchers to participate in our program.

Scope

The scope of this program includes the following systems and services:

• Getequity website (https://getequity.io)
• Getequity web application
• The Getequity mobile app
  • iOS (https://apps.apple.com/us/app/get-equity/id1567182116)
  • Android (https://play.google.com/store/apps/details?id=io.getequity.mobile)
• Getequity API (https://api.getequity.io)

Eligibility

Anyone who is at least 18 years old and resides in a country where bug bounty programs are permitted is eligible to participate in this program.

Rewards

For reported valid and distinctive vulnerabilities, we provide incentives. Based on the severity of the vulnerability, the accuracy of the report, and the possible impact on our users and customers, rewards will be granted. Our benefits include:

• Not severe - $30
• Mildly severe - $60
• Severe - $100

We reserve the right, at our sole discretion, to change the reward amounts.

Severity Determination

The Common Vulnerability Scoring System (CVSS) version 3.1 will be used to access the severity of a vulnerability. The CVSS is an industry-recognized method of assessing the seriousness of security vulnerabilities. The following factors will be considered in determining the severity of a vulnerability:

• Attack Vector: the technique an attacker uses to take advantage of a weakness (e.g., remote, local, adjacent, network).
• Attack difficulty: the effort required to successfully exploit the weakness (e.g., low, medium, high).