Security Bounty

To encourage responsible disclosure of security vulnerabilities, we have established a security bounty program. This policy outlines the scope of the program, the process for reporting vulnerabilities, and the rewards for disclosures.

Severity Tiers and Rewards Overview

This table serves as a quick overview of the severity tiers and corresponding rewards. For detailed information about each tier and examples of vulnerabilities, please refer to the full descriptions below.

Scope

This program covers any security vulnerabilities found within THX Network's publicly available services and applications. Vulnerabilities must be newly discovered, previously unreported, and not known to the public. Issues that are not within the scope include:

• Findings from physical testing such as office access

• Findings derived primarily from social engineering

• Findings in third-party applications that integrate with but are not directly owned by THX Network

Reporting a Vulnerability

To report a security vulnerability, please send your findings to Peter at peter@thx.network or via Telegram @peterpolman. Your report should include:

• A clear and detailed description of the vulnerability

• Steps to reproduce the issue

• Any relevant screenshots, logs, or other supporting documentation

Detailed Severity Tiers and Rewards

Critical ($2,500)

Critical vulnerabilities have a direct and immediate impact on the confidentiality, integrity, or availability of user data or the THX Network's infrastructure. Examples include remote code execution, significant data breaches, and vulnerabilities that lead to financial theft.

High ($1,000)

High-severity vulnerabilities significantly affect the security of the THX Network's platform or its users but require specific conditions to be exploitable, such as user interaction. Examples include cross-site scripting (XSS), cross-site request forgery (CSRF), and significant security misconfigurations.

Medium ($500)

Medium-severity vulnerabilities affect the security of the THX Network's platform with limited impact and are generally more difficult to exploit. Examples include moderate information disclosures, low-impact XSS issues, and minor security misconfigurations.

Low ($100)

Low-severity vulnerabilities have minimal impact and are unlikely to be directly exploitable on their own. Examples include minor information disclosures and small security misconfigurations.

Terms and Conditions

• THX Network reserves the right to determine the severity of the vulnerability reported and the reward amount.

• Submissions must be original work and not previously reported to THX Network or publicly disclosed.

• Participants must not violate any laws, disrupt services, or access user data to find vulnerabilities.

• THX Network commits to timely communication with the reporting party and to handle the vulnerability report with confidentiality.

Thank you!

We appreciate your contributions to the security of the THX Network and encourage the responsible reporting of any vulnerabilities you may discover. By participating in this program, you help us ensure the safety and security of our services and the community that uses them.