Bug Bounty Program

Bug Bounty Program for Xride Application

Introduction:

Welcome to the Xride Bug Bounty Program! We appreciate the security community's efforts to identify and responsibly disclose potential vulnerabilities. This program is designed to encourage researchers to find and report such vulnerabilities to help us maintain the highest level of security and privacy for our users.

Scope:

The Bug Bounty Program covers security vulnerabilities in the Xride mobile applications and associated backend systems.

Rewards:

  • Low severity: Up to $1,000

  • Medium severity: Up to $5,000

  • High severity: Up to $10,000

  • Critical severity: Up to $25,000

Eligibility:

  • Only security vulnerabilities qualifying for this program are eligible for rewards.

  • Vulnerabilities must be responsibly disclosed, allowing reasonable time for remediation before public disclosure.

In-Scope Targets:

  1. Xride Mobile Applications (iOS and Android)

  2. Xride Backend Systems

  3. Xride smart contracts

Out-of-Scope Targets:

  1. Third-party applications or websites

  2. Physical attacks against Xride infrastructure

  3. Social engineering attacks

  4. Denial of service attacks

Submission Guidelines:

  1. Report the vulnerability to xride-security@company.com.

  2. Include a detailed description of the vulnerability and steps to reproduce.

  3. Provide any supporting material (e.g., screenshots, proof-of-concept code).

  4. Allow a reasonable amount of time for the Xride security team to investigate and address the issue before public disclosure.

Rules and Requirements:

  1. Do not perform actions that could harm Xride, its users, or third parties.

  2. Do not access or modify data that does not belong to you.

  3. Do not disclose the vulnerability before it is resolved.

Legal Disclaimer:

Xride reserves the right to modify the terms of the Bug Bounty Program or cancel it at any time. Rewards are granted at the sole discretion of Xride based on the severity and impact of the reported vulnerabilities. Participants must comply with all applicable laws and regulations.

Thank you for your contributions to the security of Xride!

PreviousSmart contracts Audit

Last updated