- Enforceable areas include (but are not limited to)
- What happens if I behave incorrectly
- How are reported incidents reviewed
The Bugcrowd code of conduct is one of the most important resources on Bugcrowd’s platform and provides guidelines to follow as a Researcher to successfully keep to a professional path. It is mandatory that you adhere to the code of conduct when working on a bounty or engaging with our community.
Enforceable areas include (but are not limited to)
- Disruptive behaviour/testing
- Aggressive and/or Abusive behaviour
- Abuse of reward systems within Bugcrowd
- Disclosure Threat
- Unauthorized Disclosure of a Private Bounty and/or
- Unauthorized Disclosure of a Submission’s vulnerability content
What happens if I behave incorrectly
Depending on the context and severity of the incident, consequences can range from educational coaching to temporary or permanent loss of platform privileges. All decisions are private matters between the Bugcrowd team and the Researchers(s) involved.
How are reported incidents reviewed
Bugcrowd team members review all reported circumstances, for context and severity. This may include conversations with all parties involved (Researcher, Program Owner or other Bugcrowd Team members) as well as screenshots, links or prior enforcement history.
If the incident under review is determined to be in violation of the Code of Conduct or Standard Disclosure Terms, the Bugcrowd team determines the appropriate response and messages the Researchers and/or Program Owners accordingly. This can range from educational messaging to either a Researcher (or a Program Owner!) to provide best practices and can escalate to a formal and permanent removal from the Bugcrowd platform.
There is an opportunity to discuss the final decision through firstname.lastname@example.org, if warranted.