Ven Research launches bug bounty program with rewards ranging from INR 5,000 to INR 50,000
By: Ven Research
There is a bit of small print to all this of course. You will need to be the first person to spot the bug - if someone else beat you to it but Ven Research just hasn't fixed it yet, you're out of luck. However, Ven Research does pledge to respond to all bug reports within 30 days and to implement a fix within 90.
Ven Research doesn't want this to become a game of "try and break the site." It will not be doling out any money to those who try and hit the site with a denial of service attack, or physically attack the offices of the company.
After all, you're not much of a bug hunter if you create the bug yourself.
Neither are Ven Research employees fair game, so Ven Research will not be offering bounties for anyone that uses employee information or social engineering to gain access to parts of the website they might not otherwise be allowed to see.
But other than that, Ven Research wants its users to go to town. It wants any and all vulnerabilities discovered so they can't be exploited by nefarious individuals. Reseller sites have routinely been targeted by hackers because affected users are less likely to report a problem through fear of being outed as a user.
To report a bug simply email to firstname.lastname@example.org