Bug Bounty Program

Thank you for your interest in helping make Entratus safer for everyone!

We value security researchers who act in good faith to protect our users. This guide explains how to report security issues so we can respond quickly and fairly.

What to Include in Your Report

A good report saves time for both you and our team.

Vulnerability Type

e.g., SQL Injection, Cross-Site Scripting (XSS), Broken Authentication.

Description

What the vulnerability is and why it matters.

Steps to Reproduce

Clear, numbered steps so our team can replicate the issue.

Proof of Concept (PoC)

Screenshots, videos, or exploit code (if applicable).

Impact

What could happen if this vulnerability was exploited?

Affected Asset

The exact URL, endpoint, or application where you found the issue.

✅ Do

  • Act in good faith to avoid privacy violations and disruption
  • Use your own test accounts
  • Stop testing and report immediately if you access sensitive data unintentionally
  • Keep details confidential until we confirm remediation

❌ Don't

  • Exploit the vulnerability beyond what is necessary to prove it exists
  • Perform Denial-of-Service (DoS) or Distributed DoS attacks
  • Use phishing, social engineering, or physical intrusion
  • Test third-party applications we don't own

What Happens After You Submit

1. Acknowledgement

We'll confirm we received your report within 72 hours.

2. Assessment

Our security team will review your submission and determine severity.

3. Fix & Validation

We'll work to remediate the issue and confirm the fix.

4. Reward & Thanks

If your report qualifies, we'll issue a bounty and acknowledge your contribution.

Reward Guidelines

Severity | Example                                        | Reward Range (USD)
Critical | Remote Code Execution, Data Breach             | $500 – $1,000
High     | SQL Injection, Authentication Bypass           | $250 – $500
Medium   | Stored XSS, CSRF with Significant Impact       | $100 – $250
Low      | Information Disclosure, Minor Misconfigurations | $50 – $100

Reporting Channel

Please send all bug reports to:

Safe Harbor

If you follow this guide we will not pursue legal action against you. We believe in working with the community to improve security for all.

If you discover something that could harm our users or systems, please report it immediately - don't test further. Together, we can make Entratus stronger and safer.