Join our Bug
Bounty Program

Claim a reward of $500 equivalent paid out in PLU for any qualifying bug you discover in our products.
Security is of paramount importance, which means that we will investigate all reported bugs and potential breaches. If you believe you have discovered a bug or vulnerability in Plutus.it or any of our applications, please contact us right away at security@plutus.it

About the Program

We understand the amount of work and research that goes into security testing. As such, reporting any vulnerability that could compromise the confidentiality or integrity of our users or service will be directly rewarded.

Rewards

A reward of up to USD$500 (paid in PLU) may be provided for the disclosure of qualified bugs (Bypassing login processes, executing code, interfering with user interaction, accessing other sessions, etc).

Smaller vulnerabilities that do not meet our severity criteria may still be provided a minimum of USD$100 (PLU) if they lead to an improvement in overall security.

In order to abide by our policy, vulnerabilities must be disclosed privately and provide us reasonable time to respond.

Please note: We do not reward spam or socially engineered vulnerabilities, neither do we reward vulnerabilities that have been disclosed publicly. Third-party applications such as the ones we use to test our BETA applications are not incorporated into this bounty programme. This includes Crashlytics, Telegram, etc.

Terms & Restrictions

  • The first person to report and disclose a bug will be rewarded.
  • Publicly disclosed bugs will not be rewarded.
  • The reward amounts may increase and decrease, this is at our discretion.
  • We may cancel the programme at anytime.
  • Your testing must not violate any laws at any time.
  • Due to legal restrictions, we cannot and will not reward residents of countries under current U.S. sanctions (including North Korea, Libya, Cuba).