We allow bug bounty payments to any age. However, the Children's Online Privacy Protection Act limits our ability to collect personal identifiable information (PII) from children under 13 years of age, so you will need to claim your bug bounties through your parent or legal guardian.
Of course! Some companies on our platform, or even us at Secuna, may also increase the donation value in the event you decide to donate.
Just let us know if you'd like to donate the bug bounty to a charity and we'll be the one to contact and process the donation for you.
Bug bounties are currently disbursed through PayPal and depending on his/her location, the recipient is responsible for any fees incurred.
You can review PayPal's transaction fee table and policy here.
Our 2 main payout providers are PayPal and Bitcoin. You can only receive payments in the currencies these 2 options provide. If they don’t support your specified currency, then you unfortunately can’t receive payments in that currency. A work around for this is to receive your payment in US dollars and then have the funds converted to the currency you desire.
Valid and accepted security vulnerability submitted to a bug bounty program on Secuna will result in a bug bounty payment to your account. After your submission is accepted by the program owner or Secuna Infosec Team, your reward will be paid out the following Friday. Note that for us to pay you on time, the program owner will need to send us the bug bounty payment before 12:00am GMT+8 Friday morning.
Secuna offers these 2 payout methods for monetary awards:
PayPal - As soon as the payment is initiated, you'll receive your award instantly, given that your PayPal account is set up to properly receive the amount of money Secuna is trying to send.
Bitcoin through Paylance - As soon as the payment is processed, you'll receive your award instantly.
Have more questions about getting paid? Reach out to [email protected] team for more information.
There are three main rewards that you could possibly get:
Points – The Secuna platform awards you points when you submit a valid security vulnerability depending on the severity level. Using these points, you have a better chance to get invited to our private security programs.
Bug Bounty – It is a financial compensation that you receive from a security program when you submit a valid security vulnerability to their bug bounty program.
Swag - You can also earn Swag from different security programs by reporting a valid security vulnerability.
We do not recommend security researchers in running automated vulnerability scanners against the companies that use our platform.
We highly recommend reading the vulnerability disclosure policy of each security program because some of them allow you to use scanners against their assets.
Response time can vary by the security program, security programs that are managed by Secuna typically have a faster response time. Please give at least a week before you request a follow-up.
We require security researchers to complete the KYC process before we let them browse in our platform and report to any open security programs.
Creation and verification of your Secuna account.
Background Research and Identity Verification.
In the following months, we will implement Technical Assessment.
If you are unable to find a published vulnerability disclosure policy for the organization, you can email us at [email protected], and we'll try to help.
You may also report it via Coordinated Vulnerability Disclosure Assistance: https://app.secuna.io/coordinated-vulnerability-disclosure-assistance