Secuna
  • Welcome!
  • Products
    • What is Secuna Pentest?
    • What is Secuna Discover?
    • What is Secuna Response?
  • FAQ
    • General
    • Programs
    • Security Researchers
  • Guides
    • Adding and Removing Program Team Members
    • Communicating with Researchers and Co-Admins as Program Admin
    • Paying bounties
    • Awarding bounties on bug reports
    • Create an account as Security Researcher
    • Create an account as Organization
    • Setup Secuna Response program
    • Setup Secuna Discover program
    • Markdown Syntax
  • Programs
    • Bug Bounty Program (BBP)
    • Vulnerability Disclosure Program (VDP)
    • Difference between an Open and a Private program
    • Program Roles
    • Report statuses on Secuna
    • Bug Bounty Table
    • Disclosure Types
  • Terms and Policies
    • Privacy Policy
    • Terms and Conditions
    • Disclosure Terms
Powered by GitBook
On this page

Was this helpful?

  1. Programs

Bug Bounty Table

Suggested Bug Bounty per Severity Level

PreviousReport statuses on SecunaNextDisclosure Types

Last updated 3 years ago

Was this helpful?

At Secuna, every bug has a severity level assigned based on the security impact. To help you decide which security vulnerabilities should be resolved first, Secuna has the following types of severities:

  • Critical Severity - A vulnerability whose exploitation could allow remote code execution without user interaction. Exploitation likely results in a root-level compromise of servers or infrastructure devices.

  • High Severity - A vulnerability whose exploitation could allow access to user’s information without authorization. Exploitation could result in elevated privileges, significant data loss, or downtime.

  • Medium Severity - A vulnerability requiring user privileges to be exploited successfully. Exploitation would involve the attacker to manipulate individual victims by using social engineering tactics, live on the same local network as the victim, or set up denial of service assaults. Often only very restricted access is available.

  • Low Severity - Low-range vulnerabilities typically have minimal effect on an organization’s business.

For companies running a Bug Bounty Program on Secuna, we created these bug bounty rates that you may follow to reward the valid submissions of security researchers based on the severity of their reports.

For startup companies (referred to as “Startups”), we recommend a minimum of $100 USD for low severity vulnerabilities.