Bug Bounty
Introduction
Nimbus is committed to maintaining the security and integrity of our services. We understand that no technology is perfect, and we believe in working collaboratively with the security community to find and resolve vulnerabilities. Our bug bounty program encourages this collaboration by rewarding security researchers who provide us with high-quality security information.
Scope
This program covers the following application(s) and services:
Nimbus Website: https://hub.nimbus.dev
Nimbus API: https://api.nimbus.dev
Nimbus Data Pipeline
The following are explicitly out of scope:
Third-party services and dependencies
Denial of Service (DoS) attacks
Spam or social engineering techniques
Eligibility
Participants must:
Not be a former or current employee of Nimbus or its affiliates.
Not violate any laws or breach any agreements in order to discover vulnerabilities.
Adhere to the guidelines and scope of this program.
Rewards
Nimbus provides rewards as follows:
Critical vulnerabilities: Up to $1000
High severity vulnerabilities: Up to $500
Medium severity vulnerabilities: Up to $200
Low severity vulnerabilities: Recognition in our Hall of Fame
Reward amounts are determined by the impact, ease of exploitation, and quality of the report. Decisions on reward eligibility and amounts are made by Nimbus and are final.
Submission Guidelines
To submit a vulnerability, please follow these guidelines:
Provide detailed steps to reproduce the vulnerability, including proof of concept (PoC) code if applicable.
Include your contact information for further communication.
Do not disclose the vulnerability publicly or to any third parties without explicit permission from Nimbus.
Submissions should be sent to security(at)nimbus.dev
Legal
Participants agree to:
Handle any confidential information obtained through this program responsibly.
Refrain from exploiting any vulnerabilities beyond what is necessary for demonstration purposes.
Comply with all applicable laws and regulations.
Nimbus commits to:
Respond promptly to submissions.
Not pursue legal action against researchers who adhere to this policy.
Work with researchers to understand and remediate reported vulnerabilities.
Contact
For questions or more information about the bug bounty program, please contact security(at)nimbus.dev
.
Last updated