Okwo Labs do their best to ensure that their services are the best quality and safe from any dangers. These may happen and we are not completly able to prevent them. To make sure that they are revealed fast and patched, we share a Bug Bounty Program, where every customer can help finding bugs and issues.
These actions should encourage people to share their knowledge and findings with our company and cooperate with releasing fixes.
The safe products are for sure the most expected things from the customer side. We also do want to make sure that we have encouraging bounties and straight and simple rules about how we handle these situations.
This website relates to the actual APIs provided by the Okwo Labs and in case of any personal issues not associated with the products or associated with the personal configuration, please contact Okwo Labs Support.
1. Included Services
Any products, services and API endpoints that reasonably contain and control user information and/or other critical information. These include the website and the server infrastructure.
Any other softwares not legally released under Okwo Labs trademarks are not included in the program.
2. Reporting Rules
A) All the requests should be submitted to the Okwo Labs Support. These will be handled by the staff and directed to the special team. Make sure to report only qualifying security issues.
B) The team will analyse the issue and decide if it qualifies to this program.
C) Only the first submission of an issue will be accepted if it is not already known by the Okwo Labs.
D) The issue should not be disclosed to any third-party services until it is fixed. Disclosing it may result in bounty denial. You should not attempt to cause any damage or attempt to disrupt or compromise any personal data.
E) We will ensure to fix the issue as fast as possible and close the submission within 90 days.
F) There will be public information shared about the issue if it was critical and the payment will be distributed.
3. Program Scope
Reports listed below are within the scope of the program:
A) Security Leaks (Code Execution, Permission Elevation)
B) Infrastructure Flaws (XSS)
C) File or Database Access (Information Leaks)
D) Service Unavailability (Bugs, Issues)
E) Documentation Differences (Wiki)
We reserve the right to determine the final payment after reviewing the submission.
The reward depends on the report's quality. Make sure to include as many details as you can.
Each issue bounty will be analysed individually basing on how critical it is and how hard it is to find it. If the issue is not categorised above, the reward will also be revealed in the process if applicable.
4. Legal Notice
You are responsible for any tax implications implications depending on your country of residence. There may be additional restrictions that you should be aware of before entering the program.
You should not violate any law, disrupt or compromise any personal data that you gain access to.
The program is not a competition, but an experiment program that encourages people to handle any found leaks in a good way rather than sharing in illegal communities. We reserve the right to cancel the program at any time and not distribute the rewards.