For this program, we're inviting researchers to test Jora's web applications and services - with a focus of identifying security weaknesses that might lead to the compromise of our customer data (mainly, job seekers profiles and resumes).
IMPORTANT: Please remember to follow the job posting rules outlined in the program brief.
Thank you for participating!
For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that a vulnerability priority will be modified due to its likelihood and impact. In any instance where an issue is downgraded, Jora will provide a reasonable justification to the researcher.
To maximize your reward and payout time frame, please make sure to include the following in your report:
- An attack scenario: What is the most likely way an attacker could abuse this vulnerability?
- Clear reproduction steps: If we can't easily replicate what you are describing, we may not consider the issue as serious.
- Recommended fix: If you have any good ideas on ways to mitigate the risk without impacting normal users, your submission will have more value.
For P1/P2 issues, we aim to complete our triage within one business week of the issue being reported. For other issues, it may take us up to three business weeks to triage the issue.
Scope and rewards
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email firstname.lastname@example.org. We will address your issue as soon as possible.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.