Binomo Bug Bounty Policy

We value the work of the researchers who look for bugs and vulnerabilities in our products, and we want them to receive due recognition and encouragement. That's why we're starting the Binomo Bug Bounty program.

You can help make our product safe and sustainable. Found a bug? Tell us. Read about how to do that and what you need to do to participate in Binomo Bug Bounty in this Policy.

What is Binomo Bug Bounty?

We are looking for security bugs and other existing or potential vulnerabilities in the products and technologies under the Binomo brand, and we would be pleased if you helped us with that.

Binomo Bug Bounty applies only to (a) authentic, (b) previously unknown to Dolphin Corp LLC, (c) undiscovered vulnerabilities, (d) found in the latest public release:

If you find such a vulnerability, please contact us. We will review your report and if it meets the conditions of Binomo Bug Bounty, we will assess it and decide how to reward your work financially.

Please note that errors in the products or technologies of third-party developers, or in those which are not related to the Binomo brand, even though they affect the performance and safety of its products and technologies, are not included in Binomo Bug Bounty. We will not be able to assess any reports regarding them.

Who can participate in Binomo Bug Bounty?

You can participate in our program if:

  1. you are over 18 years old. If you are over 18 but considered a minor in your locale, you must have permission from your legal guardian to participate in Binomo Bug Bounty;

  2. you are reporting a vulnerability on your own behalf as a legal entity. It could also be done on behalf of a legal entity, but in that case, you must have written permission from that legal entity to participate in Binomo Bug Bounty;

  3. at the time of reporting the vulnerability, you are not an employee of Dolphin Corp LLC, an employee of a partner company of Dolphin Corp LLC, and in the last 6 months you have not had any other business relationship with Dolphin Corp LLC (for example, under a civil law agreement or a contract);

  4. you are not related to a person who currently works or has within the last 6 months prior to reporting the vulnerability worked for Dolphin Corp LLC, its partners, or has engaged in other business relations with Dolphin Corp LLC (for example, under a civil law agreement or a contract).

Depending on the laws of your jurisdiction, we may expand this list of requirements.

How can you report a vulnerability to us?

You can send a vulnerability report by filling out this form.

It must contain:

  • the name and version of the Binomo brand product or technology affected by the vulnerability;

  • an overview/summary of the vulnerability and its potential impact;

  • a detailed explanation and description of the behavior of the vulnerability, how it could be used to circumvent the security system or for other purposes that may harm Binomo brand products and technologies, the consequences of implementing the vulnerability protocol and the likelihood of the scenario being used;

  • proof of the actual existence of the vulnerability and/or instructions describing how to reproduce it.

The proof and/or instructions should describe specific steps that, when followed in order, lead to the reproduction of the vulnerability.

  • information about how the proof of the vulnerability was developed and compiled. Include information about your development environment and test environment (browser name and version, compiler name and version, parameters used for compilation, operating system version, etc.).

The report can be compiled however you prefer, but the more information it contains, the faster we will be able to assess it: we will study the information provided, test the vulnerability, and perform any other necessary manipulations.

Remember that we only accept error reports that fall within the scope of Binomo Bug Bounty, and for which you have prepared a detailed report, as indicated above.

We will not be able to assess any reports that do not meet those requirements. For example, we will not be able to assess the following vulnerabilities:

  • those in pre-release versions of the product (for example, beta versions);

  • those in products or versions of products that are no longer supported;

  • those already known to Dolphin Corp LLC.

However, if you are the first external researcher to report a previously known vulnerability, you will be eligible for a reward.

When can you expect feedback from us?

On average, we review reports and conduct vulnerability assessments within sixty (60) business days. As soon as we are done with your report, we will write to you.

To protect our users, we ask that you do not disclose, discuss, publish, or confirm any vulnerability you have found until we have assessed it and released the necessary public updates.

Otherwise, we will be forced to void your participation in Binomo Bug Bounty and we will not be able to give you a reward.

Sensitive information and data

We treat personal information and personal data responsibly and make every effort to ensure its security, and we ask you to do the same.

If during your research you have access to data and/or personal information of third parties:

  • immediately stop testing and doing any other activity in relation to that data and/or information;

  • delete it from any media storage you have, including in the cloud, and ensure it cannot be copied, processed, transferred, disclosed, provided, or subjected to any other similar actions;

  • report the incident to us at https://bugbounty.binomo.com/ and support our efforts to investigate and address any consequences of this occurrence.

If you do not comply with these conditions, we will not be able to give you a reward.

Our thanks to you

We value your time and effort and want you to be properly rewarded.

If your vulnerability report complies with the terms of Binomo Bug Bounty, we will gladly look into paying you a material bounty.

We will decide on the payment of remuneration and the amount at our discretion after assessing the report.

Each report is assessed individually based on the stated technical details and information. However, in all cases, we take into account the following criteria:

  1. compliance of the report with the requirements that we've imposed on it;

  2. the existence of the vulnerability and its impact on products or technologies that fall within the scope of Binomo Bug Bounty;

  3. the severity of the consequences that the vulnerability could create, and the likelihood of their occurrence.

In addition, we may pay an increased bonus if:

  • the potential impact of the vulnerability greatly affects the resilience of the protection system for products and technologies that are within the scope of Binomo Bug Bounty;

  • your report is well-prepared and includes detailed instructions on how to reproduce the vulnerability and evidence of its existence;

  • along with reporting the vulnerability, you offer a solution on how to fix/eliminate it and/or mitigate/minimize the possible consequences of it occurring;

  • you are the first to send us this report about the vulnerability of products and technologies that are within the scope of Binomo Bug Bounty.

We will determine the procedure and terms for payment of remuneration. We will try to take into account your wishes.

Please note that you are responsible for all tax implications and other legal and administrative formalities that may be required in connection with the payment and receipt of remuneration.

Other important conditions

We are interested in an honest and trustworthy relationship with Binomo Bug Bounty participants, so we ask you to assure us and guarantee the following:

  • by submitting a vulnerability report to us, you are acting in good faith and not violating or infringing on any rights or interests of third parties, and you do not intend to do so;

  • you are complying with and will comply with all applicable laws, including local laws of the country or region in which you reside, or where you download or use products and technologies that are within the scope of Binomo Bug Bounty;

  • you have not tried and do not intend to gain access to other people's data and/or the personal information of third parties, including by exploiting a vulnerability.

Such activity is unauthorized and punishable by law.

For what you should do if you have inadvertently gained access to the data and/or information of third parties, please see the section "Sensitive information and data" above.

We rely on your good faith. However, if you make any false representations, violate warranties, or act in a way that makes your behavior appear malicious or criminal, we will void your participation in Binomo Bug Bounty: you will not be able to claim any rewards and will indemnify and hold us harmless from any claims of any third parties and damages, including any loss or damage to property, and liability that arises or may arise in connection therewith.

By submitting a vulnerability report to us, you fully and in your own self-interest agree to the terms of this Policy, confirm the validity and authenticity of the representations and warranties contained in it, and also give free and informed consent to the following:

  • the processing of your personal data in accordance with our policy;

  • the conducting by our team of any necessary checks or testing of the stated vulnerability, including reproducing it, and you are thereby transferring to us the rights, including any exclusive ones, for any further use in our interests of the information provided by you and/or any parts of it, including relating to technology and development.

Moreover, any of our manipulations with the provided information specified in your vulnerability report are lawful, and you will not be able to have or waive any claims or assertions that may be related to our actions and/or your participation in Binomo Bug Bounty.

  • the disclosure, promulgation, and/or communication by us to the public of the stated vulnerability and/or other findings of yours or information provided to us in any manner that we deem appropriate and necessary in those circumstances;

  • your participation in checking the effectiveness of the elimination/correction of the vulnerability and/or the implementation of your other research. In this regard, we may ask you to evaluate the extent to which the measures we have taken have been successful and whether they have had any undesirable negative effects.

How we make changes to this Policy

From time to time, we may change or supplement this Policy. If we do, we will post any changes on this page.

The amended Policy will apply to both new Binomo Bug Bounty participants and participants who were able to submit reports about a vulnerability before it came into force.