Researcher Code of Conduct

The Bugcrowd Code of Conduct outlines the expected behavior of all Bugcrowd community members participating in bug bounty programs, Bugcrowd online community offerings such as the Bugcrowd Community Forum and IRC channel #bugcrowd, BugBashes, as well as any other programs that may be offered by Bugcrowd.


These guidelines apply to all interactions you have with Bugcrowd staff, customers, and researchers. The Bugcrowd community is intended for everyone, from all walks of life, and as such we've created these guidelines to ensure that we have a safe and welcoming place for all. Please read through this information to understand the expected behavior of all Bugcrowd participants. We look forward to having you in our community.

What We Expect

  1. Be Kind.
  2. Be Respectful.
  3. Be Helpful and help us all improve ourselves. We do this through honest and insightful discussion with our peers and partners.
  4. Be Ethical. Don't intentionally mislead customers or Bugcrowd. It is your job to try and break both technology and business logic flaws, but when you find a weakness it is also your job to report it to be fixed - not exploit it.
  5. Disclosure Guidelines: Don’t share confidential vulnerability or customer information. Private program customers are private, and no vulnerabilities (including duplicates, Out of Scope, Not Applicable, etc.) may be disclosed without explicit customer permission. Please read each Bounty Brief for specific program disclosure policies, which supersede this policy. We expect everyone to use the proper channels to disclose security vulnerabilities or to communicate about a vulnerability submission. Email support@bugcrowd.com if you have any questions about disclosure.
  6. Read and abide by Bugcrowd's Standard Disclosure Terms and each program's Bounty Brief. We expect you to follow any guidelines and rules that a particular bug bounty or company may have regarding scope of testing and information disclosure. For more information on disclosure policies at Bugcrowd, visit https://researcherdocs.bugcrowd.com/docs/disclosure. If you have additional questions, please refer to our Researcher Help Center.
  7. Report bad behavior. As a member of this community, you have the ability to impact the quality and reputation of the Crowd. If you see something that violates our guidelines, please notify our operations team immediately at support@bugcrowd.com.

Unacceptable Behavior

  1. Disclosing vulnerability information without explicit approval (see individual bounty briefs for expectations)
  2. Disclosing any information about private bounties including customer names or dates of programs.
  3. Intentional out of scope testing / not following the program bounty brief instructions.
  4. Harassment, including:
    • Offensive comments related to gender, sexual orientation, race, religion, disability, etc.
    • Use of nudity and/or sexual images (including presentation slides).
    • Abusive or threatening language.
    • Deliberate intimidation, stalking or following, including seeking out uninvited personal contact with Bugcrowd employees or customers via personal phone or email; harassing materials, photography or recording.
    • Inappropriate physical contact (at any Bugcrowd or industry events), and/or unwelcome sexual attention.
    • Making unjustified accusations against other user(s).
    • Personal attacks, including hurtful, insulting or hostile comments.

Consequences

Violations of these guidelines, the Standard Disclosure Terms, or customer bounty briefs can result in a warning and/or removal of access to elements of the Bugcrowd platform on a temporary or permanent basis depending on the severity of the violation. In some instances, an offender will be removed from the Bugcrowd community and Bugcrowd bounties entirely. All policy enforcement and member consequence decisions are made entirely at the discretion of Bugcrowd. Staff decisions are final and considered private matters between Bugcrowd’s staff and the member(s) involved. If there are any questions about a recent action taken on your account, please contact Bugcrowd Support for details.

Terms and Standard Disclosure Policy

We have a Terms of Service describing your (and our) behavior and rights related to content, privacy, and laws. To participate in Bugcrowd programs and offerings you must agree to abide by our TOS.