As a part of Scholify’s commitment to a seamless user experience, we reward contributors who share with us the reports of any bugs or errors affecting a seamless experience. We make it a priority to resolve the reported issues as quickly as possible in order to best serve our users. Scholify also offers public recognition for those who report valid bugs and any suggestions towards improving/solving them.
In order to be eligible for an Scholify Bug Bounty Program, the issue must occur on the latest publicly available versions of the Scholify Android/iOS app or the website. These eligibility rules are meant to protect our users until an update is available, ensure Scholify can quickly verify reports and create necessary updates, and properly reward those doing original research. Researchers must:
The goal of the Scholify Bug Bounty Program is to ensure a smooth, safe, and seamless experience to our users through understanding both vulnerabilities and their effects. Reports that include a basic proof of concept instead of a working exploit are eligible to receive no more than 50% of the maximum payout amount. Reports lacking necessary information to enable Scholify to efficiently reproduce the issue will result in a significantly reduced bounty payment, if accepted at all. A complete report includes:
The more details provided in the initial report, the easier it will be for Scholify to evaluate your report.
Send your report by email to bugbounty@scholifyme.com. Include all relevant videos, images, crash logs, and system diagnosis reports in your email.
You must not disrupt, compromise, or otherwise damage data or property owned by Scholify or other parties. This includes attacking any devices or accounts other than your own (or those for which you have explicit, written permission from their owners), and using phishing or social engineering techniques.
If you follow the program terms, we will not initiate a lawsuit or law enforcement investigation against you in response to your report. Please understand that this waiver does not apply to your security research that involves the networks, systems, information, applications, devices, products, or services of another party (which is not Scholify). We cannot and do not authorize security research in the name of other entities.
“Confidential Information” means any information that is marked or otherwise designated as confidential at the time of disclosure or that a reasonable person would consider confidential based on the circumstances and content of the disclosure, and which is disclosed in connection with a Scholify Bug Bounty Program. Confidential Information does not include information that: (i) is or becomes known to the receiving party from a source other than one having an obligation of confidentiality to the disclosing party; (ii) is or becomes publicly known or otherwise ceases to be confidential, except through a breach of this Agreement; or (iii) is independently developed by the receiving party.
Before engaging in any testing or submitting findings you agree that you will (i) hold in confidence and not disclose to any third party any Confidential Information, except as approved in writing by disclosing party; (ii) protect such Confidential Information with at least the same degree of care that the Researcher uses to protect its own Confidential Information, but in no case, less than reasonable care; (iii) use the disclosing party’s Confidential Information for no purpose other than the use permitted by the disclosing party; and (iv) immediately notify disclosing party upon discovery of any loss or unauthorized disclosure of disclosing party’s Confidential Information
ALL SUBMISSIONS ARE CONFIDENTIAL INFORMATION OF THE PROGRAM OWNER UNLESS OTHERWISE STATED IN THE BOUNTY BRIEF. This means no submissions may be publicly disclosed at any time unless the Program Owner has otherwise consented to disclosure.
All participants in the Bug Bounty Program must act in good faith when investigating vulnerabilities. "Good Faith" means:
Failure to act in good faith will result in immediate disqualification from the Bug Bounty Program and ineligibility for receiving any benefit of the Bug Bounty Program.
By submitting your content to Scholify (your “Submission”), you agree that Scholify may take all steps needed to validate, mitigate, and disclose the vulnerability, and that you grant Scholify any and all rights to your Submission needed to do so. For any further support, write to us at bugbounty@scholifyme.com