S
S
Secuna
Search…
S
S
Secuna
Welcome!
Products
What is Secuna Pentest?
What is Secuna Discover?
What is Secuna Response?
FAQ
General
Programs
Security Researchers
Guides
Adding and Removing Program Team Members
Communicating with Researchers and Co-Admins as Program Admin
Paying bounties
Awarding bounties on bug reports
Create an account as Security Researcher
Create an account as Organization
Setup Secuna Response program
Setup Secuna Discover program
Markdown Syntax
Programs
Bug Bounty Program (BBP)
Vulnerability Disclosure Program (VDP)
Difference between an Open and a Private program
Program Roles
Report statuses on Secuna
Bug Bounty Table
Disclosure Types
Terms and Policies
Privacy Policy
Terms and Conditions
Disclosure Terms
Powered By GitBook
Bug Bounty Table
Suggested Bug Bounty per Severity Level
At Secuna, every bug has a severity level assigned based on the security impact. To help you decide which security vulnerabilities should be resolved first, Secuna has the following types of severities:
  • Critical Severity - A vulnerability whose exploitation could allow remote code execution without user interaction. Exploitation likely results in a root-level compromise of servers or infrastructure devices.
  • High Severity - A vulnerability whose exploitation could allow access to user’s information without authorization. Exploitation could result in elevated privileges, significant data loss, or downtime.
  • Medium Severity - A vulnerability requiring user privileges to be exploited successfully. Exploitation would involve the attacker to manipulate individual victims by using social engineering tactics, live on the same local network as the victim, or set up denial of service assaults. Often only very restricted access is available.
  • Low Severity - Low-range vulnerabilities typically have minimal effect on an organization’s business.
For companies running a Bug Bounty Program on Secuna, we created these bug bounty rates that you may follow to reward the valid submissions of security researchers based on the severity of their reports.
For startup companies (referred to as “Startups”), we recommend a minimum of $100 USD for low severity vulnerabilities.
Programs - Previous
Report statuses on Secuna
Next - Programs
Disclosure Types
Last modified 4mo ago
Copy link