NeoPhotonics invites you to test and help secure our network perimeter. We appreciate your efforts and hard work in making us more secure, and look forward to working with the researcher community to create a meaningful and successful bug bounty program. Good luck and happy hunting!
This program will not use the Vulnerability Rating Taxonomy. Due to the nature of the scope, it uses the following rating system instead.
NeoPhotonics is looking to make sure its perimeter is secure. As such, ratings will follow some general guidelines:
- P1 (Critical) - Compromise of the Firewall system by an attacker. Unauthorized remote users getting into the network by bypassing the firewall rules.
- P2 (Important) - Any issue that allows a full bypass of the Firewall, IDS, or main routers, or any issue where unencrypted traffic can be derived. For full rewards, please provide a proof of concept and detailed information.
- P3 (Moderate) - Any issue where information about the internal structure of a network can be gleaned.
- P4 (Low) - Any issue with a current CVE that does not fall under the above categories.
The Common Vulnerability Scoring System (CVSS) methodology will be used to generate the numerical score reflecting the vulnerability severity. The numerical score can then be translated into a qualitative representation (such as Critical, High, Medium or Low).
| P1 | 9.0-10 | up to $3,500 |
It is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.
Scope and rewards
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email firstname.lastname@example.org. We will address your issue as soon as possible.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.