HackerEarth has always provided safe and secure systems for the community and customers to interact with and use. However, there may be gaps in our security posture that could compromise data integrity or leave exploitable weaknesses in our systems.
HackerEarth invites security researchers and community users to come forward and help improve the security posture of our systems and applications. Through this program, we may provide monetary and non-monetary rewards, as well as public recognition, for vulnerabilities disclosed to the HackerEarth team. The rewards will be determined based on the criticality, severity, and impact of the findings. The rewards will be decided once the HackerEarth team has validated the findings shared with them.
The rewards are as follows:

| Bug classification | Rewards |
|--|--|
| Low | HackerEarth swag |
| Medium | $50* or equivalent + swag |
| High | $125* or equivalent + swag |

*Cash awards are usually disbursed in the form of gift vouchers. Taxes (if applicable) will be deducted before the disbursement.
To be eligible to participate in our Bug Bounty Program, you must:

- Be at least 18 years old if you test using a HackerEarth account
- Not violate any national, state, or local law or regulation directly or indirectly while participating in the program
HackerEarth will review and respond to your submission as quickly as possible, and keep you informed as we work to fix the vulnerability you submitted. We may contact you for further information if necessary. Expect an acknowledgement within 24-48 hours. The time to fix an issue will vary depending on its impact and complexity. The bounty will be processed within a month of reporting the bug. (We process bounties in batches and will keep you posted.)
All URLs and endpoints under the hackerearth.com domain are eligible for the bug bounty program.
Do’s
Don'ts
All the issues must be reported through email to support@hackerearth.com with an appropriate subject line. An example of a detailed subject line is: HackerEarth Bug Bounty | Vulnerability in xyz feature.
High-quality reports help HackerEarth understand the issue clearly and engage the right team to address it. A good report gives enough information about the issue and its impact to allow our team to arrive at a solution quickly. All the bugs that are reported should be well-detailed and should contain at least the following information:
Important: Poor quality reports will not be accepted. Please ensure that your report is very well detailed.
All the bugs that are reported will be classified internally based on our understanding of the issue as High, Medium, or Low. The bounty rewards will be disbursed based on this classification.
Our teams will triage these issues internally and get back with a timeline for an appropriate fix and the bounty disbursement.
The main categories of vulnerabilities that we are looking for are:
Any of the following reports will be considered out of scope and will not qualify for the bug bounty program.