NeoPhotonics

  • $100 – $3,500 per vulnerability
  • Safe harbor
  • Managed by Bugcrowd

Program stats

12 vulnerabilities rewarded

Validation within about 11 hours
75% of submissions are accepted or rejected within about 11 hours

Disclosure

Please note: This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.

NeoPhotonics invites you to test and help secure our network perimeter. We appreciate your efforts and hard work in making us more secure, and look forward to working with the researcher community to create a meaningful and successful bug bounty program. Good luck and happy hunting!


Ratings/Rewards:

Due to the nature of the scope, this program will not use the Vulnerability Rating Taxonomy; it will use the following rating system instead.

NeoPhotonics is looking to make sure their perimeter is secure. As such, ratings will follow some general guidelines:

  • P1 (Critical) - Compromise of Firewall system by the attacker. Unauthorized remote users getting into the network through bypassing the firewall rules.
  • P2 (Important) - Any issue that results in a full bypass of the Firewall, IDS, or main routers, or any issue where unencrypted traffic can be derived. For full rewards, please provide a proof of concept and detailed information.
  • P3 (Moderate) - Any issue where information about the internal structure of a network can be gleaned.
  • P4 (Low) - Any issue with a current CVE that does not fall under the above categories.

The Common Vulnerability Scoring System (CVSS) methodology will be used for generating the numerical score reflecting the vulnerability severity. The numerical score can then be translated into a qualitative representation (such as Critical, High, Medium or Low).

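| Priority | CVSS | $ Amount |
|----------|------|----------|
| P1 | 9.0-10 | up to $3,500 |
| P2 | 8.0-8.9 | $1,750 |
| P2 | 7.5-7.9 | $1,500 |
| P2 | 7.0-7.4 | $1,000 |
| P3 | 6.0-6.9 | $850 |
| P4 | 5.0-5.9 | $250 |
| P4 | 4.0-4.9 | $200 |
| P4 | 3.8-3.9 | $150 |
| P4 | 2.0-3.7 | $100 |
| P4 | 0.1-1.9 | Kudos |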

It is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.