Seats.io Security Bounty Program
Seats.io strongly believes in the value of security researchers and whitehat hackers in keeping our users, data and products safe.
To recognize this important role, we have created a bounty program.
We determine bounty eligibility at our sole discretion, based on a number of factors such as (but not limited to) risk, impact, quality of the report, and more.
The bounty awards vary by classification of the issue, but typically vary between 50€ for low, and 500€ or more for critical security issues.
- Your finding must be new. If we know already, it's not eligible for a bounty.
- Do not harm the experience, usefulness, reliability or integrity of the seats.io services or data, through any form of attack. This includes degradation of service and denial of service attacks.
- Do not attempt to view, change, or remove data that resides on the seats.io system.
- Do not intentionally attempt to make use of the vulnerability.
- Do not use scanners or automated tools to find vulnerabilities.
- Do not attempt nor report non-technical attacks, such as social engineering tactics (phishing, etc) or physical security attacks.
- Full confidentiality: you commit to not disclose any details of your finding to the outside world (e.g. the existence of the vulnerability or the bounty). This includes after the issue has been fixed.
These are not eligible for a bounty:
- Network level Denial of Service attacks
- Disclosure of known public files or directories
- Outdated software / library versions
- Mail configuration issues (e.g. SPF records)
How to submit
Send an email to firstname.lastname@example.org, containing:
- A detailed description of the location and potential impact of the vulnerability
- A detailed list of steps required to reproduce the vulnerability (scripts, screenshots, screen captures)
Payout happens through PayPal, and we will need an invoice in order to be able to make a valid payment. The invoice should be made out to:
If you are in the EU, please add our VAT number: BE 0543 754 779