Code of Conduct
for white hat hackers
The AuditOne Bug Bounty Platform fosters a secure, collaborative community for ethical hacking practices. As participants, we expect you to adhere to the following Code of Conduct, ensuring a professional and respectful environment for everyone:
Responsible and Ethical Conduct:
- Interactions on the platform should always maintain a standard of professionalism and respect.
- Avoid inundating report threads or sending unnecessary support requests that may hinder the efficiency of the process.
- Refrain from leaving derogatory comments that can negatively impact the community.
Respect for Confidentiality:
- Never threaten to disclose sensitive information related to private programs or any other user data without proper authorization.
- Attempting to extract bounties, money, or services through coercion or threats is strictly prohibited.
- Cases of extortion or blackmail will be taken seriously and may be subject to further actions.
- Exposing private program details, such as program name, scope, vulnerability details, bounty structure, account information, or any identifiable information, is strictly prohibited.
Secure Testing Practices:
- Hackers must seek permission before engaging in any testing practices that could potentially endanger the platform or services.
- Unauthorized exploitation of vulnerabilities, accessing accounts or production details not sanctioned by the program's policy, modifying production or database data, causing Denial of Service, or negatively impacting customer systems is not allowed.
Responsible Vulnerability Disclosure:
- For public programs, adhere to responsible disclosure guidelines.
- Wait for the development and release of a patch before publicly disclosing vulnerabilities.
Official Communication Channels:
- Use only authorized communication channels on the AuditOne platform to discuss vulnerabilities submitted.
- Contacting security teams outside the official channels about submitted reports breaches this Code of Conduct.
Integrity and Fair Play:
- Multiple accounts cannot evade penalties or gain an unfair advantage on the platform.
- Do not engage in activities that manipulate reputation, such as sharing account access or submitting others' work as your own.
- Improper requests for changes in closure status to maintain reputation are prohibited.
- Unauthorized use of another's intellectual property, including the work of other hackers, is strictly forbidden.
- Attempting to manipulate any party through impersonation, whether of an AuditOne employee, another hacker, a program member, or a security team, without proper authorization is strictly prohibited.
By adhering to this Code of Conduct, we aim to create a safe and productive environment for all AuditOne Bug Bounty Platform participants. Let us work together to uphold these standards and ensure responsible and ethical hacking practices within our community.