Xgen Plus Bug Reward Programme

Xgenplus invites independent security groups or individual researchers to study it across all platforms and help us make it even safer for our customers. Please alert us to any potential security flaw you find. We would suitably reward you for your efforts.

Guidelines

All researchers are expected to:

  • Report their finding by writing to us directly at bugreward@xgenplus.com without making any information public. We will confirm receipt within 72 working hours of submission.
  • Keep the information about any vulnerability you’ve discovered confidential between us until we have resolved the problem.
  • Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing. Perform research only within the scope below If you follow these guidelines when reporting an issue to us, we commit to:
  • Suitably rewards you for your efforts. The reward will be disclosed when you report the bug.
  • Recognize & acknowledge your contribution on our Security with a certificate from xgenplus
  • Work with you to understand and resolve the issue quickly
  • Not pursue or support any legal action related to your research

Scope

  • Remote code execution
  • Cross Site Forgery Protection
  • Cross Site Scripting
  • Cross-Site Script Inclusion
  • Security Flaws in Authentication/Authorizations
  • Denial of Service
  • SQL Injection
  • Faulty Protocol Implementation
  • Feature Bugs with proper Explanation & Screenshots

Things we do not want to receive

  • Personally identifiable information (PII)
  • Credit card holder data
  • Irrelevant Request related to features
  • Missing Feature

Reporting Format

If you believe you’ve found security vulnerability in one of our products or platforms, please send it to us by emailing at bugreward@xgenplus.com.

Please include the following details in your report:

  • Description of the location and potential impact of the vulnerability
  • A detailed description of the steps required to reproduce the vulnerability – POC scripts, screenshots, and compressed screen captures will all be helpful to us.
  • Your name/handle and a link for recognition.

Terms & Eligibility

We request adherence to our simple Disclosure Policy:

Please include the following details in your report:
  • Please avoid privacy violations, and do not destroy data/hinder our regular services.
  • The vulnerability/bug must be original and previously un-reported. The first reporter will have benefit of the program.
  • Core team of xgenplus are not eligible for Xgenplus Bug Reward Program.
  • We reserve the right to change the rules or cancel this program at any time.
  • Consideration for other bugs with serious security implications will be on case-to-case basis.

An official letter from xgenplus will be issued certifying the contribution. The letter will be generic, without mention of the vulnerability.