At Secuna, every bug has a severity level assigned based on the security impact. To help you decide which security vulnerabilities should be resolved first, Secuna has the following types of severities:
Critical Severity - A vulnerability whose exploitation could allow remote code execution without user interaction. Exploitation likely results in a root-level compromise of servers or infrastructure devices.
High Severity - A vulnerability whose exploitation could allow access to user’s information without authorization. Exploitation could result in elevated privileges, significant data loss, or downtime.
Medium Severity - A vulnerability requiring user privileges to be exploited successfully. Exploitation would involve the attacker to manipulate individual victims by using social engineering tactics, live on the same local network as the victim, or set up denial of service assaults. Often only very restricted access is available.
Low Severity - Low-range vulnerabilities typically have minimal effect on an organization’s business.
For companies running a Bug Bounty Program on Secuna, we created these bug bounty rates that you may follow to reward the valid submissions of security researchers based on the severity of their reports.
For startup companies (referred to as “Startups”), we recommend a minimum of $100 USD for low severity vulnerabilities.