Scholify Bug Bounty Program
Scholify is all about the students community and empowering them. To do it in the best way, we are dedicated to offer a seamless and flawless experience to all our users. We need your help to improve our service and helping us can make you win big!
We encourage all our users to use the app not only to win scholarships, but also win cash rewards. Here’s what you need to do, if you discover a bug, investigate it responsibly and report it to us after duly investigating it, so that we can address it as soon as possible. For every valid bug reported you get rewarded.
Rewards
Scholify Bug Bounty Program is currently offering bounties for UI/UX related bugs. Below are more details about it:
- The bug has a direct impact on user experience by making it unpleasant.
- Rewards can be credited to a Paytm wallet, or in form of Flipkart or Amazon vouchers.
- The minimum reward for eligible bugs is INR 100 and can go upto INR 10,000.
- 1 valid bug equals 1 reward.
- Multiple reports over time can be eligible for a Hall of Famer digital certificate and a shoutout on social media.
Eligibility
- Be the first to report the issue.
- Must pertain to an issue causing bad user experience.
- Must contain sufficient information including a proof of concept screenshot, video, or code snippet where needed.
- You agree to participate in testing the effectiveness of the countermeasure applied to your report.
- You agree to keep any communication with Scholify, absolutely private.
Rules
- Don't violate Scholify’s privacy policy or the privacy of other users, destroy data, disrupt our services, etc.
- Don't request updates constantly. We are a small team and working rigorously to build Scholify.
- Only target your own accounts in the process of investigating any bugs/findings. Don't target, attempt to access, or otherwise disrupt the accounts of other users without the express permission of our team.
- Don't target our physical security measures, or attempt to use social engineering, phishing, spam, distributed denial of service (DDOS) attacks, etc.
- In case you find a severe vulnerability that allows system access, you MUST NOT proceed further, and report the same to us immediately.
- It is Scholify’s decision to determine when and how the bugs should be addressed and fixed.
- Disclosing bugs to a party other than Scholify is strictly forbidden, all bug reports are to remain at the reporter and Scholify’s discretion.
- Threatening of any kind will automatically disqualify you from participating in the program, forever.
- Exploiting or misusing the vulnerability for your own or others' benefit will automatically disqualify the report.
- Bug disclosure communications with Scholify’s Team are to remain strictly confidential. Researchers must destroy all artifacts created to document vulnerabilities (POC code, videos, screenshots) after the bug report is closed.
- By reporting any bug, you are accepting Scholify’s Terms and Conditions. You can read them here.
#KeepMovingForward