Skroutz S.A. is the prime Greek e-commerce and online marketplace platform. We are dedicated to offering our customers and partners top-quality services while maintaining a strong security posture; protecting our customer’s data & privacy is our highest priority. To that end we welcome contributions from security researchers as part of Bugcrowd’s private bug bounty program with the aim of identifying and mitigating any security flaws, gaps and vulnerabilities present in our platform.
Security researchers are invited to conduct extensive research on our live production environment (detailed below), to guarantee accuracy and relevance of reported findings. as long as the stability, integrity and availability of the production environment is not severely affected by said research.
For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.
While aiming to assist security researchers succeed in our bug bounty program, we expect all participants to adhere to some basic guidelines for interacting with and assessing our platform and supporting services as defined here:
- Provide clear details of any finding, including detailed steps to replicate, any applicable PoC, potential impact and mitigation recommendations
- Do your absolute best to act in good faith, avoiding any potential destruction of data and services, excessive disruption of services and any privacy violations, reporting any concerns around these topics to the Skroutz team.
- Make sure to comply with all relevant & applicable cybersecurity and privacy laws
- Be patient when submitting findings for the Skroutz security team to review and accept as we need to prioritize tasks based on their severity and impact to our platform
- Contact the Skroutz team immediately when you detect any leakage of real customer data that would constitute a privacy breach
Scope and rewards
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email firstname.lastname@example.org. We will address your issue as soon as possible.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.