Security Bounty
At THX Network, we are committed to maintaining the security of our systems and protecting user data.
To encourage responsible disclosure of security vulnerabilities, we have established a security bounty program. This policy outlines the scope of the program, the process for reporting vulnerabilities, and the rewards for disclosures.
The severity tiers and corresponding rewards are summarized at the end of this page. For detailed information about each tier and examples of vulnerabilities, please refer to the full descriptions below.
This program covers any security vulnerabilities found within THX Network's publicly available services and applications. Vulnerabilities must be newly discovered, previously unreported, and not known to the public. Issues that are not within the scope include:
- Findings from physical testing such as office access
- Findings derived primarily from social engineering
- Findings in third-party applications that integrate with but are not directly owned by THX Network
To report a security vulnerability, please send your findings to Peter at peter@thx.network or via Telegram @peterpolman. Your report should include:
- A clear and detailed description of the vulnerability
- Steps to reproduce the issue
- Any relevant screenshots, logs, or other supporting documentation
Critical vulnerabilities have a direct and immediate impact on the confidentiality, integrity, or availability of user data or the THX Network's infrastructure. Examples include remote code execution, significant data breaches, and vulnerabilities that lead to financial theft.
High-severity vulnerabilities significantly affect the security of the THX Network's platform or its users but require specific conditions to be exploitable, such as user interaction. Examples include cross-site scripting (XSS), cross-site request forgery (CSRF), and significant security misconfigurations.
Medium-severity vulnerabilities affect the security of the THX Network's platform with limited impact and are generally more difficult to exploit. Examples include moderate information disclosures, low-impact XSS issues, and minor security misconfigurations.
Low-severity vulnerabilities have minimal impact and are unlikely to be directly exploitable on their own. Examples include minor information disclosures and small security misconfigurations.
THX Network reserves the right to determine the severity of the vulnerability reported and the reward amount.
Submissions must be original work and not previously reported to THX Network or publicly disclosed.
Participants must not violate any laws, disrupt services, or access user data to find vulnerabilities.
THX Network commits to timely communication with the reporting party and to handling the vulnerability report with confidentiality.
We appreciate your contributions to the security of the THX Network and encourage the responsible reporting of any vulnerabilities you may discover. By participating in this program, you help us ensure the safety and security of our services and the community that uses them.
Severity Tier | Reward | Description |
---|---|---|
Critical | $2,500 | Direct and immediate impact on confidentiality, integrity, or availability. Examples: remote code execution, significant data breaches. |
High | $1,000 | Significant effect requiring specific conditions to exploit. Examples: XSS, CSRF, significant security misconfigurations. |
Medium | $500 | Limited impact, more difficult to exploit. Examples: moderate information disclosures, low-impact XSS, minor security misconfigurations. |
Low | $100 | Minimal impact, unlikely to be directly exploitable. Examples: minor information disclosures, small security misconfigurations. |