Easy Projects Easy Projects

Vulnerability Reward Program

Program Overview

Security of our users and their data is paramount for Easy Projects. That’s why we encourage ethical vulnerability research and reporting.

Should you find or discover any security vulnerability, please report it to Easy Projects, and our team will investigate and address it as soon as possible.

Easy Projects offers monetary rewards (bug bounty) for the submitted security vulnerabilities. The value of the reward is affected by a number of factors including but, not limited to severity, impact and the exploitability.

Program Rules

Please review and understand the rules of the Easy Projects Vulnerability Program before reporting a vulnerability. By participating in this program, you agree to be bound by these rules:

The rewards are granted entirely at the discretion of Easy Projects.

Exclusions

Please note that the following issues are not considered security vulnerabilities and are not eligible for reward payments.

How to Report a Vulnerability

Please submit your report using this form.

The Vulnerability Report should include clear reproduction steps as well as Proof of Concept images and/or video.

Classification of Vulnerabilities and Reward Levels

The Easy Projects team ranks security vulnerabilities severity levels based on the Common Vulnerability Scoring System (CVSS). You can learn more about CVSS at FIRST.org

Severity Level CVSS Score Reward payment, (USD)
Low 0.1 – 3.9 $10 – $30
Medium 4.0 – 6.9 $30 – $80
High 7.0 – 8.9 $80 – $200
Critical 9.0 – 10.0 $200 – $500