Bug Bounty Policy
Process Shepherd values the security of its systems and appreciates the contributions made by security researchers through their responsible, private disclosure of vulnerabilities.
We offer a bounty for each identified bug that aligns with our criteria. Once we receive a bug report, we will review it within a period of up to 14 business days. If the reported issue meets our requirements, we will provide a payment of $50 USD per unique bug identified.
However, our bounty program excludes certain types of bugs:
- Any issues pertaining to third-party systems.
- Descriptive error messages (e.g., Stack traces, server or application errors).
- HTTP 404 codes/pages or other HTTP non-200 codes/pages.
- Disclosure of banner on common/public services.
- Disclosure of public files or directories (e.g., robots.txt).
- Clickjacking and issues exploitable solely via clickjacking.
- Self-XSS and issues exploitable only through Self-XSS.
- CSRF on forms accessible to anonymous users (e.g., contact form).
- Tab nabbing.
- Stripping of EXIF data from uploaded images.
- Logout CSRF.
- “Autocomplete” or “save password” functionality in applications or web browsers.
- Issues requiring physical access to a device for exploitation.
- DMARC configuration not in reject or quarantine mode.
- Non-deleted WordPress XMLRPC or Rest API scripts (they are as disabled as our hosting allows).
- Execution of CSV content due to special treatment of certain characters by a third-party client application in exported CSV files.
- Issues related to the password policy.
The following reports will also be excluded:
- Duplicate bug reports that we have previously received.
- Bug reports for which fixing is not feasible.
We urge researchers to focus on processshepherd.com and its subdomains.
To report a bug, please send an email to firstname.lastname@example.org with as much detail as possible (steps to reproduce, why it constitutes a bug, and so forth). Video demonstrations are highly encouraged.
Thank you for your contribution to enhancing our security.