We work hard everyday to maintain and improve our systems and processes so that our end users can learn programming safely online at all times. However, we are like others, should you find a weakness in one of our IT systems, we would appreciate your help.
HackerEarth maintained a private bug bounty program till now. The program was known to few and only reward part was HackerEarth t-shirt and swag kit. After growing demand and a need for healthy bug bounty program, we have decided to open the program to engage with security community helping us see a safer tomorrow.
This program will help recognize the contributions of security researchers who invest their time and effort in helping us make HackerEarth more secure. Through this program, we provide monetary rewards and public recognition for vulnerabilities disclosed to the HackerEarth Team. The reward level is based on the bug severity and increases for higher quality reports that include PoC, detailed insights, steps to reproduce the bug, test cases, and patches.
All urls with domain *.hackerearth.com are covered.
We maintain flexibility with our reward system, and have no minimum/maximum amount; rewards are based on severity, impact, and report quality.
HackerEarth will review and respond as quickly as possible to your submission, and keep you informed as we work to fix the vulnerability you submitted. We may contact you for further information if necessary. Generally 24-48 hours to respond and an effective time of a week for a mean time to resolution and pay out.
In addition to complying with our Terms of Use and any other applicable terms and conditions, you must also follow these basic rules when participating in our bug bounty program:
The main categories of vulnerabilities that we are sincerely looking for are: