Tilda Bug Bounty Program

Tilda technical vulnerability reward program
We reward security researchers who discover vulnerabilities in Tilda and its related modules and microservices. For any questions that are not related to this program, please email our support team at team@tilda.cc.
If you discover a bug, email our technical support team at tech@tilda.cc. In your email, give a detailed description of the bug and provide the following information:

  • the service or module in which the vulnerability was discovered;
  • type of vulnerability;
  • the threat it poses;
  • how it can be reproduced;
  • your suggestions on how it can be fixed.
Non-Qualifying Vulnerabilities
  • Reports from security scanners and other automated systems without a clear demonstration of the actual vulnerability;
  • Reports about the disclosure of non-confidential information, such as product version;
  • Emails about vulnerabilities based on product/protocol versions, without a clear demonstration of the actual vulnerability;
  • Messages about the absence of a protection mechanism without an indication of actual negative consequences;
  • Any data obtained with the use of social engineering;
  • SelfXSS.
Rewards
  • The minimum bounty amount is $50;
  • The amount of the payout depends on how severe the discovered vulnerability is: the more serious the error you find, the greater your reward;
  • Each case is considered separately, but as a rule, the amount of the payout depends on the payments for similar vulnerabilities on HackerOne.
Rules of Engagement
  • The vulnerability reward is paid only to the first researcher who reported the vulnerability;
  • No payout is made if you use the discovered vulnerabilities against Tilda users;
  • Only individuals who have reached the age of 18 can participate in the program;
  • It is prohibited to disclose or publish information about a discovered bug within 90 days after reporting it;
  • It is prohibited to publish code that contains or describes the vulnerability of publicly available resources.