ChangeHero's Bug Bounty Program

Due to popular demand, ChangeHero introduces a bug bounty program for security researchers. We invite you to help us identify bugs and vulnerabilities and will reward you if it helps us deliver a more secure product. Interested? Read on for more information!

How Does ChangeHero Bug Bounty Work?

Please be informed that as a work in progress, the bug bounty program terms and conditions can be modified without prior notice.

To streamline the process of reporting security vulnerabilities and properly reward our community members for help, we decided to test the waters and trial our own bug bounty program.

A bug or security bounty is an offer from a software company or a similar business for “white hat” ethical hackers and security researchers. In exchange for a detailed report on various vulnerabilities, they offer a reward that can vary depending on the severity of the exploits. Major tech companies such as Microsoft and Apple collaborate with external security researchers and bug bounty hunters to identify security issues.

Eligibility and Responsible Conduct

To be eligible for bounty awards, your report must comply with the following criteria:

A valid report contains clearly documented material on a discovered security vulnerability in the code of the ChangeHero website or Affiliate Program assets (widget, referral links, API)

Vulnerability reports have to be clearly attributable to the person who submits them and must not be published anywhere else prior or for the duration of a review

Does not violate the Terms of Use of the platform

Does not contain sensitive information, private information of other users, inappropriate information, or received in a fraudulent manner

Is not a result of an exploit that causes a service interruption, harm, or damage to the work of the ChangeHero website or Affiliate Program assets (widget, referral links, API)

By submitting a report, you also acknowledge that it is subject to our Privacy Policy. ChangeHero may reject the submission of information deemed ineligible.

Report a security vulnerability

So, do you feel up to the challenge? Do you already know what to report?

1. Search for security vulnerabilities in the scope of the bug bounty program;

2. Prepare a vulnerability report with respect to the eligibility criteria;

3. Send it to ChangeHero support through the available contact channels — email or the chat widget on the website;

4. Wait for a submission acknowledgment and a review from our security team, usually provided within 30 days.

Let’s work together for mutual benefit: We eliminate security bugs and improve ChangeHero, and you receive rewards!