10xHostings encourages the responsible disclosure of security vulnerabilities in our services or on our website. In order to facilitate the responsible disclosure of security vulnerabilities, we agree that if, in our sole discretion, we conclude that a disclosure meets all of the guidelines of the 10xHostings Bug Rewards Program, 10xHostings will not bring any private or criminal legal action against the disclosing party.
10xHostings offers monetary bounties for the responsible disclosure of certain qualifying security vulnerabilities. Our Bug Rewards Program works as follows
Only the www.10xHostings.com web services are within scope for purposes of the 10xHostings Bug Rewards Program.
10xHostings will accept a report of any vulnerability that substantially affects the confidentiality or integrity of any eligible 10xHostings service. Eligible vulnerabilities include, but are not limited to:
Any domain not contained within www.10xHostings.com is out of scope for the purposes of the Bug Rewards Program, as is all hosted customer content and third-party programs and plug-ins.
The following actions do not qualify for the Bug Rewards Program and should not be tested by researchers participating in the Program:
10xHostings will not accept reports from automated vulnerability scanners.
All bounties are awarded at the discretion of the 10xHostings Bug Rewards Team, based on the severity of the reported vulnerability. Where an award is made, the minimum amount of the bounty will be Fifty Dollars ($50.00). Only one (1) bounty will be awarded per security bug. The awards will be made to the first researcher to responsibly disclose a particular bug.
Investigating and Reporting:
The security researcher submitting a vulnerability must thoroughly vet and confirm the vulnerability prior to submission. All submissions must include the following:
To report a vulnerability, please send an email to [email protected].
Any information that you collect about 10xHostings, 10xHostings employees, or 10xHostings customers (“Confidential Information”) through the Bug Rewards Program must be kept confidential and may only be used in connection with the Program. You may disclose vulnerabilities only after proper remediation has occurred and you may not disclose Confidential Information without 10xHostings’s prior written consent. Any disclosure of Confidential Information outside of this requirement will result in immediate removal from the Program.