Bug Bounty Program

Bug Bounty Program

CoRover is committed to a close collaboration with Tester/Developer/Security Researcher towards increasing client security and providing a premium bug free product. Tester/Developer/Security Researcher play an integral role in the ecosystem by identifying bug(s)/vulnerabilities missed in the software development process. If you are a Tester/Developer/Security Researcher that has found bug(s)/vulnerability in a CoRover product (ChatBot, VoiceBot & VideoBot), service, or device, we want to hear from you. If your vulnerability report affects a product or service, you may receive a bounty award.

Confidentiality Obligations:

For any submission to be covered under this Program, the submitter shall notify only CoRover of such bug(s)/vulnerability. It shall hold the bug(s)/vulnerability in utmost confidence and you may not use, disclose or distribute “Confidential Information” without CoRover’s prior written consent. CoRover reserves the right to modify or cancel this Bug Bounty Program and its policies at any time, without prior notice.

Disqualification from Program:

Some examples of the activities which shall be treated as disqualification(s) are listed below:  • Breach of confidentiality obligations under the Program and under law. • Attempt to extract or remove data from the services offered by CoRover. • Any ransomware attempts while performing activities in scope under this Program.  • Attempt to commercially exploit such vulnerability. • Attempt to hold CoRover accountable under any laws due to activities performed in scope under this Program.

Legal Action:

CoRover reserves the right to take all necessary and remedial legal action against the submitter, if it determines that the activities performed are a violation of applicable law, covered under the Disqualification, and/or have forced CoRover to face any legal consequences, which could have been avoided if a disclosure was made under this Program.

Procedure:

Please fill out the Submission form below to report any bug(s)/vulnerability with detailed steps to reproduce. we will revert back in 14 to 21 working days. Please, encrypt all email messages containing information related to potential Bugs/security vulnerabilities.  If you are having trouble encrypting your report or have any questions about the process, send a message to email@CoRover.mobi. We will work with you to identify a method to securely transmit your report.

Bug Bounty Awards:

You may be eligible to receive a Bounty; • Based on the potential impact of the security vulnerability. • For well-written reports with complete reproduction instructions / proof-of-concept (PoC) material. Eligibility for any bug bounty award and award amount determinations are made at CoRover’s sole discretion. If a functional mitigation or fix is proposed along with the reported bug(s)/vulnerability; • CoRover will award a bounty award for the first eligible report of a bug(s)/vulnerability. • Awards are limited to one (1) bounty award per eligible root-cause bug(s)/vulnerability. • CoRover will award a bounty $100 depending on the bug(s)/vulnerability type and originality, quality, and content of
the report. • Award amounts may change with time. Past rewards do not necessarily guarantee the same reward in the future.

In the report, please Include the following information:

• The name(s) of the CoRover product or technology and the respective version information (URL, if relevant). • Detailed description of the potential bug(s)/vulnerability. • Proof-of-concept that details the reproduction of the potential bug(s)/vulnerability. The more details provided in the initial report, the easier it will be for us to evaluate your report.

Bug Bounty Program
Summary Title
Help us with the nature of Bug(s)/Vulnerability.
Bug(s)/Vulnerability Details
Describe the Bug(s)/Vulnerability and its impact. Provide a proof of concept or replication steps.
Maximum upload size: 67.11MB
Attach proof-of-concept scripts, screenshots, screen recordings, etc.
Researcher Email 
Confirm your submission is accurate and adheres to CoRover’s terms & conditions.

Eligibility Criteria:

• You are reporting in your individual capacity or, if you are employed by a company or other entity and are reporting on behalf of your employer, you have your employer’s written approval to submit a report to CoRover’s Bug Bounty program. • You are at least 18 years of age, and, if considered a minor in your place of residence, you have your parent’s or legal guardian’s written permission prior to reporting. • You are not currently or have been an employee of CoRover Private Limited, its subsidiary, or affiliated company within the last 24 months. • You are not currently or have been under contract to CoRover Private Limited, its subsidiary, or affiliated company within the last 24 months. • You are not a family nor household member of any individual who currently or within the past 24 months meets or met the criteria listed in the two bullet points directly above. • You agree to participate in testing mitigation effectiveness and coordinate disclosure, release, and publication of your findings with CoRover. • You did not and will not access any personal information that is not your own, including by exploiting the vulnerability. • You did not and will not violate any applicable law or regulation, including laws prohibiting unauthorized access to information. To clarify, CoRover does not view testing that is done in compliance with the terms and conditions of this bug bounty program as unauthorized. • There may be additional restrictions on your eligibility to participate in the bug bounty depending upon your local laws.

If at any point while researching a vulnerability, you are unsure whether you should continue, immediately send a message to email@CoRover.mobi.