Inqubomgomo ye-Bug Bounty
I-Paxful, Inc. (okubhekiselwa kuyo nangokuthi “Paxful,” “Thina,” “Thina,” noma “kwethu”) ithatha izinyahtelo ukuthuthukisa umkhiqizo wethu nokunikezela ngezixazululo zokuphepha kumakhasimende ethu. Kule Nqubomgomo Ye-Bug Bounty (“Inqubomgomo”), sichaza amakesi asebenzayo wohlelo lwethu lwe-Bug Bounty nokuthi kufanele lusetshenziswe kanjani ngokuhlangene nokusetshenziswa kwewebhusayithi yethu ku-https://paxful.com/, kufaka phakathi, kodwa akukhawulelwe, ku-Paxful Wallet, inkundla yokuhweba ye-Bitcoin, uhlelo lweselula, amakhasi wemidiya yomphakathi, noma ezinye izinto ze-inthanethi (ngokuhlangene, “Iwebhusayithi”), noma uma usebenzisa imikhiqizo, amasevisi, okuqukethwe, izici, ubuchwepheshe, noma imisebenzi esiyinikezelayo (ngokuhlangene, “Amasevisi”). Le nqubomgomo yenzelwe ukukusiza ukuthi uthole ulwazi mayelana nokuthi ungabamba kanjani iqhaza kuhlelo lwe-Bug Bounty, evikela imiphumela yocwaningo esebenzayo, nokuthi iziphi izinzuzo ongazithola. Sicela uqaphele ukuthi iminikelo yethu Yesevisi ingahluka ngesiyingi.
Kuzo zonke izinhloso, inguqulo yolwimi lwe-English yale nqubomgomo ye-bug bounty izoba ngeyoqobo, ithuluzi elibusayo. Esimweni lapho kunokushayisana phakathi kwenguqulo ye-English yale nqubomgomo ye-bug bounty nokunye ukuhumusha kwezinye izilimi, inguqulo yolwimi lwe-English izobusa futhi ilawule.
Yini Uhlelo lwe-Bug Bounty?
Ukuze kuthuthukiswe i-Paxful Namasevisi, Uhlelo lwe-Paxful Bug Bounty lunikezela abasebenzisi bethu ngethuba lokuzuza umklomelo wokukhomba izinkinga zokusebenza.
Ungaxhumana kanjani ngokutholile kohlelo lwakho lwe-Bug Bounty kithi?
Konke ukuxhumana okunjalo kufanele kuqondiswe ku-[email protected] Ekuthumeleni kwakho sicela ucacise incazelo ephelele yengcuphe nenkomba eqinisekisayo ukuthi ingcuphe ikhona (incazelo / izinyathelo zokwehlisa / izithombe-skrini / amavidiyo / imibhalo noma imisebenzi eminye enjalo).
Imithetho Yohlelo
Ukwaphulwa kweminye yale mithetho kungaholela ekungafaneleni i-bounty.
- Hlola kuphela ingcuphe ku-akhawunti okungeyakho noma ama-akhawunti owavumile kusuka kusiphathi se-akhawunti ukuze ahlole.
- Ungalokothi usebenzise ukuthola idatha yokufaka engcupheni/ye-exfiltrate noma i-pivot kumasistimu ethu. Sebenzisa isiqinisekiso sokuphela ukubonisa inkinga.
- Uma ulwazi oluzwelayo olufana nolwazi lomuntu siqu, imininingwane yokungena, njll,. lufinyelelwe njengenxenye yengcuphe, akufanele lulondolozwe, ludluliselwe, lufinyelelwe, noma lucubungulwe ngemuva kokuthola kokuqala.
- Abaphenyi bangahle bangakwazi, futhi abagunyaziwe ukuzibandakanya emisebenzini engaphazamisa, ukulimana noma ukulimala ku-Paxful.
- Abacwaningi akufanele badalule esidlangalaleni izingcuphe (ukwabelana ngemininingwane noma okunye nomunye umuntu ngaphandle kwesisebenzi esigunyaziwe se-Paxful), noma ukwabelana ngengcuphe nenkampani yangaphandle, ngaphandle kwemvume eshiwo ye-Paxful.
Sizihlaziya kanjani izinkinga ezikhonjiwe ngaphansi Kohlelo lwe-Bug Bounty?
Konke okutholiwe kuyahlaziywa kusetshenziswa indlela yengcuphe.
Isivumelwano Sokungadaluli
Ngaphambi kokuqala ukuxoxisana ngeminye imininingwane ephathelene nezinkinga eziqinisekisiwe ozikhombile ngaphansi Kohlelo lwe-Bug Bounty, kufaka phakathi isinxephezelo, njll, kuzodingeka ukuthi ungene nathi Kusivumelwano Sokungadaluli.
Siyikhokhela kanjani imiklomelo Yohlelo lwe-Bug Bounty?
Yonke leyo miklomelo ikhokhelwa i-Paxful. Yonke imiklomelo ingakhokhelwa kuphela uma ingaphikisani nemithetho esebenzayo neyokulawula, kufaka phakathi kodwa kungakhawulelwe ekuvimbeleni kokuhweba nemikhawulo yomnotho.
Kuzothatha isikhathi esingakanani ukuze sihlaziye okutholiwe Kohlelo lwakho lwe-Bug Bounty?
Ngenxa nesimo esihlukayo nesixubile sezinkinga zokusebenza, asiqalisanga imigqa yesikhathi yokuhlaziya okutholiwe ngaphansi Kohlelo lwe-Bug Bounty. Ukuhlaziya kwethu kuqedwa kuphela uma siqinisekise ubukhona noma ubungekho bengcuphe.
Yimaphi amakesi akhishiwe Kuhlelo lwe-Bug Bounty?
Ezinye izingozi zinakwa njengokuthi azikho ohlelweni lwe-Bug Bounty. Lezi zingozi ezingekho ohlelweni zibandakanya, kodwa azikhawulelwe kokulandelayo:
- Ugaxekile;
- Ubungozi obudinga ubunjiniyela bomphakathi/ubugebengu bokuthola imininingwane;
- Ukuhlaselwa kwe-DDOS;
- Izinkinga ezisuselwe ezinganawo amandla abonakalayo;
- Izingozi zokuphepha kuzinhlelo zezinkampani zangaphandle nakumawebhusayithi wangaphandle aqiniswe nge-Paxful;
- Okuphumayo kweskena noma imibiko eyenziwe iskena;
- Izinkinga ezitholakele ngokuhlola okuzenzakalelayo;
- Iziphazamisi ezikhululwe ngokomphakathi kusofthiwe le-inthanethi ezinsukwini ezingu-30 zokudalulwa kwazo;
- Ukuhlasela okunomuntu phakathi;
- Singatha imijovo yekhanda ngaphandle komthelela othile, obonakalayo;
- I-Self-XSS, ebandakanya i-payload efakwe ohlaselwe;
- Ukugena/ukuphuma kwe-CSRF;
Ulwazi Olungeziwe
Uma ufuna ulwazi olungeziwe mayelana nale Nqubomgomo, ungaxhumana nathi nge-imeyili ku-[email protected].