faq

Read Most
Frequent Questions

What are Points ?
Points are positive numeric values i.e. greater than 0 (which can be gained and lost).
When a researcher submits/reports vulnerabilities via the Bugv platform, their reports bring changes in their point depending on the status and severity of their report.
How the Points are awarded ?
Points are awarded on the basis of severity of bugs.
Severity Points
Critical 50
Severe 30
Moderate                               20
Low 10
How much point is awarded on duplicated bugs ?
The initial Point will be 0 on the platform.
Status Points
Duplicate           5
Not Applicable                      0
Informational 5
What will be actions on spam reports ?
If a researcher spams report in the Bugv platform, the researcher is given 3 chances and the following actions are taken
Spam Report Action
1           The user’s account will be suspended for 24 hours
2                      The user’s account will be suspended for 7 days
3 The user will be banned from the platform
What are initial report status ?
Status Description
New The report is newly submitted and the triage team has not opened or changed the status of the report. It is the default state of a new report.
Need more information(Need more Info) It is a flag that is enabled on the report if the triager team needs more information about the report that a researcher submits or if the report is not clear to the triager team.
Triaged The report has been reviewed and now is in the process of being fixed. Note: The report is still in the initial state and not fixed.
Unresolved When a report is valid and in the process of getting resolved, unresolved status is given to confirm researchers that their report is valid and accepted.
How are Payments given ?
Payments are given in different form i.e. bounties and swag Bugv currently supports Esewa, Fonepay and Paypal for providing monetary rewards. Bugv does not supports direct Bank transfers currently.
How long does it take to receive my rewards ?
Points are awarded on the basis of severity of bugs.
Payout Method Process
Esewa           1-3 days
Fonepay                      1-3 days
Paypal 3-6 days
Can I split my reward amount ?
Researchers can choose different options for getting payments. The researcher can either get the payment according to processing time or get a payment once a month. The researchers can also get payment in bulk( get all the monetary reward from different reports at once) or get paid by splitting the total payout(by taking out only certain monetary rewards at once).
What will be actions on spam reports ?
If a researcher spams report in the Bugv platform, the researcher is given 3 chances and the following actions are taken
Spam Report Action
1           The user’s account will be suspended for 24 hours
2                      The user’s account will be suspended for 7 days
3 The user will be banned from the platform
What are final report status ?
The status of a report given when the decision is made by the triage team to close the report.
Status Description
Duplicate It is given to a report if another researcher has already submitted similar report before. Note: Duplicate is given according to the “Time” when the initial report was submitted. For example, Researcher A submitted an report at 10:00AM 02/12/2020, the report that is submitted after 10:00AM 02/12/2020 are given duplicate for the report submitted by Researcher A
Wont Fix It is a status given to report when the development team decides that the bug does not possess any risk and is not important to fix at the moment.
Not Applicable It is a status given to report that does not possess any or very low security impact on the application.
Resolved The valid report has been resolved and points/bounty are distributed Note: Even though the bug might be given resolved status, it might still be there so re-testing and confirming the bug before disclosing anything must be important.
How are Payments given ?
Payments are given in different form i.e. bounties and swag Bugv currently supports Esewa, Fonepay and Paypal for providing monetary rewards. Bugv does not supports direct Bank transfers currently.
How long does it take to receive my rewards
Payout Method Process
Esewa           1-3 days
Fonepay                      1-3 days
Paypal 3-6 days
Can I split my reward amount ?
Researchers can choose different options for getting payments. The researcher can either get the payment according to processing time or get a payment once a month. The researchers can also get payment in bulk( get all the monetary reward from different reports at once) or get paid by splitting the total payout(by taking out only certain monetary rewards at once).
What are final report status ?
The status of a report given when the decision is made by the triage team to close the report.
Status Description
Duplicate It is given to a report if another researcher has already submitted similar report before. Note: Duplicate is given according to the “Time” when the initial report was submitted. For example, Researcher A submitted an report at 10:00AM 02/12/2020, the report that is submitted after 10:00AM 02/12/2020 are given duplicate for the report submitted by Researcher A
Wont Fix It is a status given to report when the development team decides that the bug does not possess any risk and is not important to fix at the moment.
Not Applicable It is a status given to report that does not possess any or very low security impact on the application.
Resolved The valid report has been resolved and points/bounty are distributed Note: Even though the bug might be given resolved status, it might still be there so re-testing and confirming the bug before disclosing anything must be important.
faq

Read Most
Frequent Questions

What are Points ?
Points are positive numeric values i.e. greater than 0 (which can be gained and lost).
When a researcher submits/reports vulnerabilities via the Bugv platform, their reports bring changes in their point depending on the status and severity of their report.
How the Points are awarded ?
Points are awarded on the basis of severity of bugs.
Severity Points
Critical 50
Severe 30
Moderate                               20
Low 10
How much point is awarded on duplicated bugs ?
The initial Point will be 0 on the platform.
Status Points
Duplicate           5
Not Applicable                      0
Informational 5
What will be actions on spam reports ?
If a researcher spams report in the Bugv platform, the researcher is given 3 chances and the following actions are taken
Spam Report Action
1           The user’s account will be suspended for 24 hours
2                      The user’s account will be suspended for 7 days
3 The user will be banned from the platform
What are initial report status ?
Status Description
New The report is newly submitted and the triage team has not opened or changed the status of the report. It is the default state of a new report.
Need more information(Need more Info) It is a flag that is enabled on the report if the triager team needs more information about the report that a researcher submits or if the report is not clear to the triager team.
Triaged The report has been reviewed and now is in the process of being fixed. Note: The report is still in the initial state and not fixed.
Unresolved When a report is valid and in the process of getting resolved, unresolved status is given to confirm researchers that their report is valid and accepted.
What are Points ?
Points are positive numeric values i.e. greater than 0 (which can be gained and lost).
When a researcher submits/reports vulnerabilities via the Bugv platform, their reports bring changes in their point depending on the status and severity of their report.
How the Points are awarded ?
Points are awarded on the basis of severity of bugs.
Severity Points
Critical 50
Severe 30
Moderate                               20
Low 10
How much point is awarded on duplicated bugs ?
The initial Point will be 0 on the platform.
Status Points
Duplicate           5
Not Applicable                      0
Informational 5
What will be actions on spam reports ?
If a researcher spams report in the Bugv platform, the researcher is given 3 chances and the following actions are taken
Spam Report Action
1           The user’s account will be suspended for 24 hours
2                      The user’s account will be suspended for 7 days
3 The user will be banned from the platform
What are initial report status ?
Status Description
New The report is newly submitted and the triage team has not opened or changed the status of the report. It is the default state of a new report.
Need more information(Need more Info) It is a flag that is enabled on the report if the triager team needs more information about the report that a researcher submits or if the report is not clear to the triager team.
Triaged The report has been reviewed and now is in the process of being fixed. Note: The report is still in the initial state and not fixed.
Unresolved When a report is valid and in the process of getting resolved, unresolved status is given to confirm researchers that their report is valid and accepted.
How are Payments given ?
Payments are given in different form i.e. bounties and swag Bugv currently supports Esewa, Fonepay and Paypal for providing monetary rewards. Bugv does not supports direct Bank transfers currently.
How long does it take to receive my rewards
Payout Method Process
Esewa           1-3 days
Fonepay                      1-3 days
Paypal 3-6 days
Can I split my reward amount ?
Researchers can choose different options for getting payments. The researcher can either get the payment according to processing time or get a payment once a month. The researchers can also get payment in bulk( get all the monetary reward from different reports at once) or get paid by splitting the total payout(by taking out only certain monetary rewards at once).
What are final report status ?
The status of a report given when the decision is made by the triage team to close the report.
Status Description
Duplicate It is given to a report if another researcher has already submitted similar report before. Note: Duplicate is given according to the “Time” when the initial report was submitted. For example, Researcher A submitted an report at 10:00AM 02/12/2020, the report that is submitted after 10:00AM 02/12/2020 are given duplicate for the report submitted by Researcher A
Wont Fix It is a status given to report when the development team decides that the bug does not possess any risk and is not important to fix at the moment.
Not Applicable It is a status given to report that does not possess any or very low security impact on the application.
Resolved The valid report has been resolved and points/bounty are distributed Note: Even though the bug might be given resolved status, it might still be there so re-testing and confirming the bug before disclosing anything must be important.