Secuna
  • Welcome!
  • Products
    • What is Secuna Pentest?
    • What is Secuna Discover?
    • What is Secuna Response?
  • FAQ
    • General
    • Programs
    • Security Researchers
  • Guides
    • Adding and Removing Program Team Members
    • Communicating with Researchers and Co-Admins as Program Admin
    • Paying bounties
    • Awarding bounties on bug reports
    • Create an account as Security Researcher
    • Create an account as Organization
    • Setup Secuna Response program
    • Setup Secuna Discover program
    • Markdown Syntax
  • Programs
    • Bug Bounty Program (BBP)
    • Vulnerability Disclosure Program (VDP)
    • Difference between an Open and a Private program
    • Program Roles
    • Report statuses on Secuna
    • Bug Bounty Table
    • Disclosure Types
  • Terms and Policies
    • Privacy Policy
    • Terms and Conditions
    • Disclosure Terms
Powered by GitBook
On this page
  • I'm under 13 years of age and what is this?
  • Can I donate my bug bounty to a charity?
  • Why did I not receive the full bounty awarded to me?
  • Why can’t I receive payments in my currency?
  • When and how do I get my bug bounties?
  • What rewards can I get?
  • Is it okay or allowed to use automated vulnerability scanners while performing security research?
  • How long will it be after the bug I submitted is validated?
  • What is the KYC process?
  • What are the rules?
  • I found a security vulnerability in an organization that is not listed on your platform. What should I do?

Was this helpful?

  1. FAQ

Security Researchers

PreviousProgramsNextAdding and Removing Program Team Members

Last updated 3 years ago

Was this helpful?

I'm under 13 years of age and what is this?

We allow bug bounty payments to any age. However, the limits our ability to collect personal identifiable information (PII) from children under 13 years of age, so you will need to claim your bug bounties through your parent or legal guardian.

Can I donate my bug bounty to a charity?

Of course! Some companies on our platform, or even us at Secuna, may also increase the donation value in the event you decide to donate.

Just let us know if you'd like to donate the bug bounty to a charity and we'll be the one to contact and process the donation for you.

Why did I not receive the full bounty awarded to me?

Bug bounties are currently disbursed through PayPal and depending on his/her location, the recipient is responsible for any fees incurred.

You can review PayPal's transaction fee table and policy .

Why can’t I receive payments in my currency?

Our 2 main payout providers are PayPal and Bitcoin. You can only receive payments in the currencies these 2 options provide. If they don’t support your specified currency, then you unfortunately can’t receive payments in that currency. A work around for this is to receive your payment in US dollars and then have the funds converted to the currency you desire.

When and how do I get my bug bounties?

Valid and accepted security vulnerability submitted to a bug bounty program on Secuna will result in a bug bounty payment to your account. After your submission is accepted by the program owner or Secuna Infosec Team, your reward will be paid out the following Friday. Note that for us to pay you on time, the program owner will need to send us the bug bounty payment before 12:00am GMT+8 Friday morning.

Secuna offers these 2 payout methods for monetary awards:

PayPal - As soon as the payment is initiated, you'll receive your award instantly, given that your PayPal account is set up to properly receive the amount of money Secuna is trying to send.

Bitcoin through Paylance - As soon as the payment is processed, you'll receive your award instantly.

What rewards can I get?

There are three main rewards that you could possibly get:

Points – The Secuna platform awards you points when you submit a valid security vulnerability depending on the severity level. Using these points, you have a better chance to get invited to our private security programs.

Bug Bounty – It is a financial compensation that you receive from a security program when you submit a valid security vulnerability to their bug bounty program.

Swag - You can also earn Swag from different security programs by reporting a valid security vulnerability.

Is it okay or allowed to use automated vulnerability scanners while performing security research?

We do not recommend security researchers in running automated vulnerability scanners against the companies that use our platform.

We highly recommend reading the vulnerability disclosure policy of each security program because some of them allow you to use scanners against their assets.

How long will it be after the bug I submitted is validated?

Response time can vary by the security program, security programs that are managed by Secuna typically have a faster response time. Please give at least a week before you request a follow-up.

What is the KYC process?

We require security researchers to complete the KYC process before we let them browse in our platform and report to any open security programs.

KYC Process

  1. Creation and verification of your Secuna account.

  2. Background Research and Identity Verification.

  3. Video Interview

In the following months, we will implement Technical Assessment.

What are the rules?

I found a security vulnerability in an organization that is not listed on your platform. What should I do?

Have more questions about getting paid? Reach out to team for more information.

Before you get started, we extremely recommend you to read our , , and to learn what is expected from you. We want to make sure that we're all on the same page before you join Secuna and participate in our security programs.

If you are unable to find a published vulnerability disclosure policy for the organization, you can email us at , and we'll try to help.

You may also report it via Coordinated Vulnerability Disclosure Assistance:

Children's Online Privacy Protection Act
here
hackers@secuna.io
Terms and Conditions
Privacy Policy
Disclosure Policy
support@secuna.io
https://app.secuna.io/coordinated-vulnerability-disclosure-assistance